The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction.
Vector
NETWORK
Complexity
MEDIUM
Authentication
NONE
Confidentiality
NONE
Integrity
NONE
Availability
PARTIAL
Advisory | Patch | Confirmed | Link |
---|---|---|---|
20121105 VideoLAN VLC Media Player <= 2.0.4 Crash Bug | |||
[oss-security] 20121112 VLC 2.0.4 SHAddToRecentDocs CVE-... |