VLC "httpd_HtmlError" Cross-site Scripting Vulnerability


Description   A cross-site scripting vulnerability has been identified in VLC. A remote attacker could exploit it to make a victim execute HTML/JavaScript code via a specially crafted link.

This vulnerability is due to the lack of sanitization of the "URL" parameter in the "httpd_HtmlError" function of the source file "src/network/httpd.c", which interprets user input in the error pages.

A proof of concept is available.

Updated, 28/09/2015: The vlc packages provided by Debian Squeeze 6 and Wheezy 7 are vulnerable.
     
Vulnerable Products   Vulnerable OS:
GNU/Linux (Debian) - 6, 7, 8
Vulnerable Software:
VLC (VideoLAN) - 2.1.0, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9, 2.2.1
     
Solution   Version 2.2.2 of VLC fixes this vulnerability.
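
The Description attributes the flaw to the requested URL being written into the HTML error page without sanitization. As an added example (not VLC's code or its actual patch), the C code below escapes HTML metacharacters before a URL is reflected into an error page; `html_escape` and `build_error_page` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: copy `in`, replacing HTML metacharacters with entities.
 * Returns a heap string the caller frees, or NULL on failure. */
char *html_escape(const char *in)
{
    size_t len = strlen(in);
    if (len > (SIZE_MAX - 1) / 6)       /* longest entity, "&quot;", is 6 bytes */
        return NULL;
    char *out = malloc(len * 6 + 1);
    if (out == NULL)
        return NULL;
    char *p = out;
    for (; *in != '\0'; in++) {
        const char *rep = NULL;
        switch (*in) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        if (rep == NULL) { *p++ = *in; continue; }
        memcpy(p, rep, strlen(rep));
        p += strlen(rep);
    }
    *p = '\0';
    return out;
}

/* Hypothetical error-page builder: the requested URL is reflected only
 * after escaping. Returns a heap string the caller frees, or NULL. */
char *build_error_page(int code, const char *url)
{
    char *safe = html_escape(url);
    if (safe == NULL)
        return NULL;
    const char *fmt = "<html><body><h1>%d</h1><p>Cannot serve %s</p></body></html>";
    int need = snprintf(NULL, 0, fmt, code, safe);
    char *page = need < 0 ? NULL : malloc((size_t)need + 1);
    if (page != NULL)
        snprintf(page, (size_t)need + 1, fmt, code, safe);
    free(safe);
    return page;
}
```

Escaping all five characters keeps the reflected value inert both in element content and inside a quoted attribute.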
     
CVE   CVE-2014-9743
     
References   - PacketStorm : VLC 2.1.3 Cross Site Scripting
http://packetstormsecurity.com/files/125772/vlc-xss.txt
- DST : vlc
https://security-tracker.debian.org/tracker/CVE-2014-9743
- VideoLAN : Changes between 2.2.1 and 2.2.2
http://www.videolan.org/developers/vlc-branch/NEWS
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm (Available Since)
- XSS - Prevention - GET : suspicious 'iframe' tag found in URL (3.2.0)
- XSS - Prevention - GET : suspicious 'meta' tag found in URL (3.2.0)
- XSS - Prevention - GET : suspicious tag with event found in URL (3.2.0)
- XSS - Prevention - GET : suspicious 'applet' tag found in URL (3.2.0)
- XSS - Phishing : suspicious 'div' tag found in URL (3.2.0)
- XSS - Prevention - GET : suspicious 'style' attribute found in URL (3.2.0)
- XSS - Prevention - GET : suspicious 'img' tag found in URL (3.2.0)
- XSS - Phishing : suspicious 'a' tag found in URL (3.2.0)
- XSS - Prevention - GET : cookie access attempt using script language found in URL (3.2.0)
- XSS - Prevention - GET : suspicious 'embed' tag found in URL (3.2.0)
- XSS - Prevention - GET : suspicious 'object' tag found in URL (3.2.0)
- XSS - Phishing : suspicious 'form' tag found in URL (3.2.0)
- XSS - Prevention - GET : javascript code found in URL (3.2.0)
- XSS - Prevention - GET : evasion attempt using tag characters encoding in URL (3.2.0)
- XSS - Prevention - GET : suspicious 'style' tag found in URL (3.2.0)
- XSS - Phishing : suspicious 'link' tag found in URL (3.2.0)
- XSS - Prevention - GET : 'script' tag found in URL (3.2.0)
- XSS - Prevention - GET : 'location' javascript object found in URL (3.2.0)
- XSS - Prevention - GET : suspicious 'div' tag found in URL (3.2.0)
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2014-03-18 

 Target Type 
Client 

 Possible exploit 
Remote