CVE-2007-6262 Information

Description

A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget (2) getVariable or (3) setVariable function resulting from a \bad initialized pointer\ aka a \recursive plugin release vulnerability.\

Reference

http://secunia.com/advisories/27878 http://securityreason.com/securityalert/3420 http://www.coresecurity.com/?action=item&id=2035 http://www.securityfocus.com/archive/1/484563/100/0/threaded http://www.securityfocus.com/bid/26675 http://www.videolan.org/sa0703.html http://www.vupen.com/english/advisories/2007/4061 https://exchange.xforce.ibmcloud.com/vulnerabilities/38816 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A14280