CVE-2008-4558
Published 2008-10-15
CVE-2008-4558: Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a…
Priority P342 · medium · 6.8 CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 8.49% (94.4th percentile)
Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | vlc | < vlc 0.9.3-1 (bookworm) | vlc 0.9.3-1 (bookworm) |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | >= 0 < 0.9.3-1 | 0.9.3-1 |
| videolan | vlc_media_player | >= 0 < 0.9.3-1 | 0.9.3-1 |
| videolan | vlc_media_player | >= 0 < 0.9.3-1 | 0.9.3-1 |
| videolan | vlc_media_player | >= 0 < 0.9.3-1 | 0.9.3-1 |
CVSS provenance
nvd · v2.0 · 6.8 · MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
osv · 6.8 · MEDIUM
vendor_debian · 6.8 · MEDIUM
Debian
CVE-2008-4558: vlc - Array index error in VLC media player 0.9.2 allows remote attackers to overwrite...
vendor_debian·2008·CVSS 6.8
Scope: local
bookworm: resolved (fixed in 0.9.3-1)
bullseye: resolved (fixed in 0.9.3-1)
forky: resolved (fixed in 0.9.3-1)
sid: resolved (fixed in 0.9.3-1)
trixie: resolved (fixed in 0.9.3-1)
GHSA
GHSA-hh4p-jcm5-55rv: Array index error in VLC media player 0
ghsa_unreviewed·2022-05-02
OSV
CVE-2008-4558: Array index error in VLC media player 0
osv·2008-10-15·CVSS 6.8
No detection rules found.
Exploit-DB
VideoLAN VLC Media Player 0.9.2 Media Player - XSPF Memory Corruption
exploitdb·2008-10-14
---
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
VLC media player XSPF Memory Corruption
1. *Advisory Information*
Title: VLC media player XSPF Memory Corruption
Advisory ID: CORE-2008-1010
Advisory URL: http://www.coresecurity.com/content/vlc-xspf-memory-corruption
Date published: 2008-10-14
Date of last update: 2008-10-14
Vendors contacted: VLC
Release mode: Coordinated release
2. *Vulnerability Information*
Class: Memory corruption
Remotely Exploitable: Yes (client side)
Locally Exploitable: No
Bugtraq ID: N/A
CVE Name: N/A
3. *Vulnerability Description*
VLC media player is an open-source, highly portable multimedia play
Exploit-DB
CA BrightStor ARCserve Backup r11.5 - ActiveX Remote Buffer Overflow
exploitdb·2008-03-16
---
Tested on:
- CA BrightStor ARCserve Backup r11.5 (ftp://ftp.ca.com/priv/trial/BABr11/BABLDr115/BABLDr115.zip)
- IE 6
- XP SP2 Polish
Details:..
Filename: CA\DSM\bin\ListCtrl.ocx
File description: Unicenter DSM r11 List Control ATX
CLSID: {BF6EFFF3-4558-4C4C-ADAF-A87891C5F3A3}
ProgID: LISTCTRL.ListCtrlCtrl.1
Version: 11.2.3.1895
Company: CA
AddColumn(%u4141%u4141..[128], 1);
Exception C0000005 (ACCESS_VIOLATION reading [41414141])
http://secunia.com/advisories/32267
http://www.coresecurity.com/content/vlc-xspf-memory-corruption
http://www.exploit-db.com/exploits/6756
http://www.securityfocus.com/archive/1/497354/100/0/threaded
http://www.securityfocus.com/bid/31758
http://www.vupen.com/english/advisories/2008/2826
https://exchange.xforce.ibmcloud.com/vulnerabilities/45869
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14726
Published: 2008-10-15