CVE-2007-0017

Current Description

Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.

Referenced by CVEs:

CVE-2007-0255

Basic Data

Published	January 03, 2007
Last Modified	October 11, 2017
Assigner	cve@mitre.org
Data Type	CVE
Data Format	MITRE
Data Version	4.0
Problem Type	CWE-134
CVE Data Version	4.0

Base Metric V2

CVSS 2 - Version	2.0
CVSS 2 - Vector String	AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector	NETWORK
CVSS 2 - Access Complexity	MEDIUM
CVSS 2 - Authentication	NONE
CVSS 2 - Confidentiality Impact	PARTIAL
CVSS 2 - Availability Impact	PARTIAL
CVSS 2 - Base Score	6.8
Severity	MEDIUM
Exploitability Score	8.6
Impact Score	6.4
Obtain All Privilege	false
Obtain User Privilege	true
Obtain Other Privilege	false

Base Metric V3

No data provided.

Configurations

OR - Configuration 1

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other
2.3	Application	Videolan	Vlc Media Player	0.7.0	*	*	*	*	*	*	*
2.3	Application	Videolan	Vlc Media Player	0.7.1	*	*	*	*	*	*	*
2.3	Application	Videolan	Vlc Media Player	0.7.2	*	*	*	*	*	*	*
2.3	Application	Videolan	Vlc Media Player	0.8.0	*	*	*	*	*	*	*
2.3	Application	Videolan	Vlc Media Player	0.8.1	*	*	*	*	*	*	*
2.3	Application	Videolan	Vlc Media Player	0.8.2	*	*	*	*	*	*	*
2.3	Application	Videolan	Vlc Media Player	0.8.4	*	*	*	*	*	*	*
2.3	Application	Videolan	Vlc Media Player	0.8.4a	*	*	*	*	*	*	*
2.3	Application	Videolan	Vlc Media Player	0.8.5	*	*	*	*	*	*	*
2.3	Application	Videolan	Vlc Media Player	0.8.6	*	*	*	*	*	*	*

Vulnerable Software List

Vendor	Product	Versions
Videolan	Vlc Media Player	0.7.0, 0.7.1, 0.7.2, 0.8.0, 0.8.1, 0.8.2, 0.8.4, 0.8.4a, 0.8.5, 0.8.6

References

Name	Source	URL	Tags
http://applefun.blogspot.com/2007/01/moab-02-01-2007-vlc-media-player-udp.html	http://applefun.blogspot.com/2007/01/moab-02-01-2007-vlc-media-player-udp.html	MISC
http://landonf.bikemonkey.org/code/macosx/MOAB_Day_2.20070103045559.6753.timor.html	http://landonf.bikemonkey.org/code/macosx/MOAB_Day_2.20070103045559.6753.timor.html	MISC
31163	http://osvdb.org/31163	OSVDB
http://projects.info-pull.com/moab/MOAB-02-01-2007.html	http://projects.info-pull.com/moab/MOAB-02-01-2007.html	MISC	Exploit Vendor Advisory
23592	http://secunia.com/advisories/23592	SECUNIA	Vendor Advisory
23829	http://secunia.com/advisories/23829	SECUNIA	Vendor Advisory
23910	http://secunia.com/advisories/23910	SECUNIA	Vendor Advisory
23971	http://secunia.com/advisories/23971	SECUNIA	Vendor Advisory
GLSA-200701-24	http://security.gentoo.org/glsa/glsa-200701-24.xml	GENTOO
1017464	http://securitytracker.com/id?1017464	SECTRACK
http://trac.videolan.org/vlc/changeset/18481	http://trac.videolan.org/vlc/changeset/18481	CONFIRM
DSA-1252	http://www.debian.org/security/2007/dsa-1252	DEBIAN
SUSE-SA:2007:013	http://www.novell.com/linux/security/advisories/2007_13_xine.html	SUSE
21852	http://www.securityfocus.com/bid/21852	BID
[vlc-devel] 20070102 Security hole in VLC media player for Mac...	http://www.via.ecp.fr/via/ml/vlc-devel/2007-01/msg00005.html	MLIST
http://www.videolan.org/patches/vlc-0.8.6-MOAB-02-01-2007.patch	http://www.videolan.org/patches/vlc-0.8.6-MOAB-02-01-2007.patch	CONFIRM	PATCH
http://www.videolan.org/sa0701.html	http://www.videolan.org/sa0701.html	CONFIRM	Vendor Advisory
ADV-2007-0026	http://www.vupen.com/english/advisories/2007/0026	VUPEN	Vendor Advisory
vlcmediaplayer-udp-format-string(31226)	https://exchange.xforce.ibmcloud.com/vulnerabilities/31226	XF
oval:org.mitre.oval:def:14313	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14313	OVAL