CVE-2008-2147

Advisory lineage Upstream: 0 Downstream: 3

Downstream

DEBIAN-CVE-2008-2147 DSA-1819-1 DTSA-132-1

Modified

Published: 12 May 2008, 20:00

Last modified:07 Aug 2024, 08:49

Vulnerability Summary

Overall Risk (default)

low

18/100

CVSS Score

4.6 MEDIUM

v2.0 (nvd)

EPSS Score

0.08% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

12 May 2008, 20:00

Published

Vulnerability first disclosed

07 Aug 2024, 08:49

Last Modified

Vulnerability information updated

Description

Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory.

CVSS Metrics

v2.0•MEDIUM•Score: 4.6AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 0.08%• Percentile: 23%

Techniques & Countermeasures

CWE-264•Permissions, Privileges, and Access Controls
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Affected Systems

videolan•vlc
≤ 0.8.6 | 0.4.6 | 0.5.0 | 0.5.1 | 0.5.1a | 0.5.2 | 0.5.3 | 0.6.0 | 0.6.1 | 0.6.2 | 0.7.0 | 0.7.1 | 0.7.2 | 0.8.0 | 0.8.1 | 0.8.2 | 0.8.4 | 0.8.4a | 0.8.5 | 0.8.6a | 0.8.6b | 0.8.6c | 0.8.6d | 0.8.6e