VLC.HTTPD.Connection.Header.Format.String

description-logoDescription

This indicates an attack attempt against a format-string vulnerability in VideoLAN VLC HTTPD.
The vulnerability is caused by an error when the vulnerable software handles a malicious "Connection" parameter. It allows a remote attacker to execute arbitrary code via sending a crafted web request.

affected-products-logoAffected Products

VideoLAN VLC media player 0.8.6d
VideoLAN VLC media player 0.8.6c
VideoLAN VLC media player 0.8.6b
VideoLAN VLC media player 0.8.6a

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Upgrade to the latest version, available from the vendor's web site:

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-09-23 16.931 Sig Added