CVE-2012-5855 - OpenCVE

The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Videolan	Vlc Media Player

Configuration 1 [-]

OR	cpe:2.3:a:videolan:vlc_media_player::::::::
	cpe:2.3:a:videolan:vlc_media_player:2.0.0:::::::*
	cpe:2.3:a:videolan:vlc_media_player:2.0.1:::::::*
	cpe:2.3:a:videolan:vlc_media_player:2.0.2:::::::*
	cpe:2.3:a:videolan:vlc_media_player:2.0.3:::::::*

References

Link	Resource
http://marc.info/?l=oss-security&m=135274330022215&w=2
http://www.securityfocus.com/archive/1/524626	Exploit
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16781

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2013-07-10T19:00:00

Updated: 2017-09-18T12:57:01

Reserved: 2012-11-12T00:00:00

Link: CVE-2012-5855

JSON object: View

NVD Information

Status : Modified

Published: 2013-07-10T19:55:01.347

Modified: 2017-09-19T01:35:32.060

Link: CVE-2012-5855

JSON object: View

Redhat Information

No data.

CWE

CWE-189

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-11-05T00:00:00", "descriptions": [{"lang": "en", "value": "The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20121105 VideoLAN VLC Media Player <= 2.0.4 Crash Bug", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/524626"}, {"name": "oval:org.mitre.oval:def:16781", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16781"}, {"name": "[oss-security] 20121112 VLC 2.0.4 SHAddToRecentDocs CVE-2012-5855", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=135274330022215&w=2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5855", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20121105 VideoLAN VLC Media Player <= 2.0.4 Crash Bug", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/524626"}, {"name": "oval:org.mitre.oval:def:16781", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16781"}, {"name": "[oss-security] 20121112 VLC 2.0.4 SHAddToRecentDocs CVE-2012-5855", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security&m=135274330022215&w=2"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-5855", "datePublished": "2013-07-10T19:00:00", "dateReserved": "2012-11-12T00:00:00", "dateUpdated": "2017-09-18T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5C76C9C-1161-49AA-8108-167DC868473D", "versionEndIncluding": "2.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1928547F-4689-43CD-9C66-7097AE360669", "vulnerable": true}, {"criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3FD4FB1-A4E7-4712-B864-0F85D957E81D", "vulnerable": true}, {"criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2A6AE8D3-46C9-441B-886C-63D9A28DB918", "vulnerable": true}, {"criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "99D5CFF3-0643-4AFD-B5D9-7C7C3B18C29B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction."}, {"lang": "es", "value": "La funci\u00f3n SHAddToRecentDocs en VideoLAN VLC media player v2.0.4 y versiones anteriores podr\u00eda permitir a los atacantes asistidos por el usuario provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un nombre de archivo especialmente dise\u00f1ado que genera una calculo de longitud de cadena incorrecto cuando se agrega el archivo a VLC. NOTA: no est\u00e1 claro si este problema puede saltarse los l\u00edmites de privilegio o si puede ser explotado sin la interacci\u00f3n del usuario."}], "id": "CVE-2012-5855", "lastModified": "2017-09-19T01:35:32.060", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-07-10T19:55:01.347", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security&m=135274330022215&w=2"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/archive/1/524626"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16781"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}