Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.
Vector
NETWORK
Complexity
MEDIUM
Authentication
NONE
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE
Videolan Vlc media player 0.9.7 (not an official CPE)
VideoLAN VLC Media Player 0.9.6
VideoLAN VLC Media Player 0.9.5
VideoLAN VLC Media Player 0.9.4
VideoLAN VLC Media Player 0.9.3
VideoLAN VLC Media Player 0.9.2
VideoLAN VLC Media Player 0.9.1
VideoLAN VLC Media Player 0.9.0
Videolan Vlc media player 0.9.8 (not an official CPE)