CVE-2008-1489 | VideoLAN VLC libmp4.c mp4_readbox_rdrf numeric error (09572892 / BID-28433)
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
6.6 | $0-$5k | 0.22 |
A vulnerability was found in VideoLAN VLC 0.8.6e (Multimedia Player Software). It has been rated as critical. The issue affects the function mp4_readbox_rdrf of the file libmp4.c. It is classified as CWE-189 (numeric errors). Confidentiality, integrity, and availability are impacted.
The bug was discovered on 03/02/2008. The weakness was presented on 03/24/2008 as 09572892 (Website). The advisory is available at xforce.iss.net. This vulnerability has been handled as CVE-2008-1489 since 03/24/2008. The attack may be launched remotely. No form of authentication is required for exploitation. Technical details are known, but there is no available exploit.
It is declared as proof-of-concept. The vulnerability was handled as a non-public zero-day exploit for at least 22 days. During that time the estimated underground price was around $0-$5k. The vulnerability scanner Nessus provides a plugin with the ID 31949 (Debian DSA-1543-1 : vlc – several vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Debian Local Security Checks and runs in the local context.
Upgrading eliminates this vulnerability. A possible mitigation was published 3 weeks after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at SecurityFocus (BID 28433), X-Force (41412), Secunia (SA29503), Vulnerability Center (SBV-18170) and Tenable (31949). See 3544, 41235, 40576 and 40568 for similar entries.
VulDB Meta Base Score: 7.3
VulDB Meta Temp Score: 6.6
VulDB Base Score: 7.3
VulDB Temp Score: 6.6
Class: Unknown
CWE: CWE-189
ATT&CK: Unknown
Local: No
Remote: Yes
Status: Proof-of-Concept
Nessus ID: 31949
Nessus Name: Debian DSA-1543-1 : vlc – several vulnerabilities
OpenVAS ID: 60789
OpenVAS Name: Debian Security Advisory DSA 1543-1 (vlc)
Recommended: Upgrade
Upgrade: xforce.iss.net
03/02/2008
03/02/2008
03/24/2008
03/24/2008
03/24/2008
03/24/2008
04/09/2008
04/14/2008
04/17/2008
03/16/2015
11/14/2017
07/31/2021
Vendor: https://www.videolan.org/
Advisory: 09572892
Status: Not defined
CVE: CVE-2008-1489
SecurityFocus: 28433 – VLC Media Player ‘MP4_ReadBox_rdrf()’ Buffer Overflow Vulnerability
Secunia: 29503
X-Force: 41412
Vulnerability Center: 18170 – VideoLAN VLC Media Player MP4_ReadBox_rdrf Vulnerability Allows Remote Code Execution and DoS, Medium
OSVDB: 43702 – CVE-2008-1489 – VideoLan – VLC – Integer Overflow Issue
Vupen: ADV-2008-0985
Created: 03/16/2015 17:00
Updated: 07/31/2021 12:33
Changes: (3) advisory_identifier exploit_price_0day vulnerability_cvss2_nvd_basescore