CVE-2007-6262
Description
A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a bad initialized pointer, aka a recursive plugin release vulnerability.
Risk Information
Base Score
8.8
MODERATE
Vector
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
22.802
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update VLC Media Player 0.8.6d to latest version | Windows |
| Update VLC Media Player 0.8.6d (x64) to latest version | Windows |
| Multiple Vulnerabilities are affected in VLC Media Player (MSI) (x64) 0.8.6 | Windows |
| Multiple Vulnerabilities are affected in VLC media player (MSI) 0.8.6 | Windows |
| Multiple Vulnerabilities are affected in VLC Media Player (MSI) (x64) 0.8.6a | Windows |
| Multiple Vulnerabilities are affected in VLC media player (MSI) 0.8.6a | Windows |
| Multiple Vulnerabilities are affected in VLC Media Player (MSI) (x64) 0.8.6b | Windows |
| Multiple Vulnerabilities are affected in VLC media player (MSI) 0.8.6b | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-339134 | VLC Media Player (3.0.21) |
| PATCH-339135 | VLC Media Player (X64) (3.0.21) |
| PATCH-334048 | VLC media player (MSI) (x64) (3.0.20.0) |
| PATCH-334050 | VLC media player (MSI) (3.0.20.0) |
| PATCH-334048 | VLC media player (MSI) (x64) (3.0.20.0) |
| PATCH-334050 | VLC media player (MSI) (3.0.20.0) |
| PATCH-334048 | VLC media player (MSI) (x64) (3.0.20.0) |
| PATCH-334050 | VLC media player (MSI) (3.0.20.0) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234