Vulnerability Description
A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive plugin release vulnerability."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Videolan | Vlc Media Player | 0.8.6 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/27878Vendor Advisory
- http://securityreason.com/securityalert/3420
- http://www.coresecurity.com/?action=item&id=2035
- http://www.securityfocus.com/archive/1/484563/100/0/threaded
- http://www.securityfocus.com/bid/26675ExploitPatch
- http://www.videolan.org/sa0703.html
- http://www.vupen.com/english/advisories/2007/4061
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38816
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://secunia.com/advisories/27878Vendor Advisory
- http://securityreason.com/securityalert/3420
- http://www.coresecurity.com/?action=item&id=2035
- http://www.securityfocus.com/archive/1/484563/100/0/threaded
- http://www.securityfocus.com/bid/26675ExploitPatch
- http://www.videolan.org/sa0703.html
FAQ
What is CVE-2007-6262?
CVE-2007-6262 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVari...
How severe is CVE-2007-6262?
CVE-2007-6262 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-6262?
Check the references section above for vendor advisories and patch information. Affected products include: Videolan Vlc Media Player.