Vulnerability Details : CVE-2008-5036
Public exploit exists!
Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2008-5036
- cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-5036
- 96.70%: probability of exploitation activity in the next 30 days
- ~100%: percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2008-5036
- VLC Media Player RealText Subtitle Overflow
  Disclosure Date: 2008-11-05
  First seen: 2020-04-26
  Module: exploit/windows/fileformat/vlc_realtext
  This module exploits a stack buffer overflow vulnerability in VideoLAN VLC < 0.9.6. The vulnerability exists in the parsing of RealText subtitle files. In order to exploit this, this module will generate two files: The .mp4 file is used to trick your vic
CVSS scores for CVE-2008-5036
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2008-5036
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-5036
- http://www.openwall.com/lists/oss-security/2008/11/05/5
  oss-security - CVE id request: vlc
- http://www.openwall.com/lists/oss-security/2008/11/05/4
  oss-security - VideoLAN security advisory 0810
- http://www.trapkit.de/advisories/TKADV2008-011.txt
  Exploit
- http://www.securityfocus.com/archive/1/498111/100/0/threaded
- http://www.videolan.org/security/sa0810.html
  VideoLAN Security Advisory 0810 - VideoLAN
- http://security.gentoo.org/glsa/glsa-200812-24.xml
  VLC: Multiple vulnerabilities (GLSA 200812-24) — Gentoo security
- http://www.openwall.com/lists/oss-security/2008/11/10/13
  oss-security - Re: CVE id request: vlc
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14329
- http://www.securityfocus.com/bid/32125
  VLC Media Player Multiple Stack Based Buffer Overflow Vulnerabilities
- https://www.exploit-db.com/exploits/7051
  VideoLAN VLC Media Player < 0.9.6 - '.rt' Local Stack Buffer Overflow - Windows local Exploit
- http://git.videolan.org/?p=vlc.git;a=commitdiff;h=e3cef651125701a2e33a8d75b815b3e39681a447
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46376
  VLC Media Player RealText demuxer buffer overflow CVE-2008-5036 Vulnerability Report