CVE-2007-0017
Current Description
Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.
Basic Data
Published | January 03, 2007 |
Last Modified | October 11, 2017 |
Assigner | cve@mitre.org |
Data Type | CVE |
Data Format | MITRE |
Data Version | 4.0 |
Problem Type | CWE-134 |
CVE Data Version | 4.0 |
Base Metric V2
CVSS 2 - Version | 2.0 |
CVSS 2 - Vector String | AV:N/AC:M/Au:N/C:P/I:P/A:P |
CVSS 2 - Access Vector | NETWORK |
CVSS 2 - Access Complexity | MEDIUM |
CVSS 2 - Authentication | NONE |
CVSS 2 - Confidentiality Impact | PARTIAL |
CVSS 2 - Availability Impact | PARTIAL |
CVSS 2 - Base Score | 6.8 |
Severity | MEDIUM |
Exploitability Score | 8.6 |
Impact Score | 6.4 |
Obtain All Privilege | false |
Obtain User Privilege | true |
Obtain Other Privilege | false |
Base Metric V3
No data provided.
Configurations
-
OR - Configuration 1
Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
2.3 | Application | Videolan | Vlc Media Player | 0.7.0 | * | * | * | * | * | * | * | |