Main Vulnerability Database Exploits ID:6409 - Exploit for Heap-based buffer overflow in VLC Media Player - CVE-2017-8311

ID:6409 - Exploit for Heap-based buffer overflow in VLC Media Player - CVE-2017-8311

Published: June 17, 2021

Vulnerability identifier: #VU6673

Vulnerability risk: High

CVE-ID: CVE-2017-8311

CWE-ID: CWE-122

Exploitation vector: Remote access

Vulnerable software:
VLC Media Player

Link to public exploit:

https://www.exploit-db.com/exploits/44514/

Vulnerability description

The vulnerability allows a remote unauthenticated attacker to execute arbitrary code and take over the device.

The weakness exists due to a boundary error in ParseJSS in VideoLAN VLC when processing subtitles. A remote attacker can create specially crafted subtitle file, which when loaded by the target user with the help of affected software leads to arbitrary code execution.

Successful exploitation of the vulnerability may result in full control over the affected PC.

Remediation

Update to version 2.2.5.1.

ID:6409 - Exploit for Heap-based buffer overflow in VLC Media Player - CVE-2017-8311

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human