Search for vulnerabilities
Vulnerability details: VCID-2qa3-pyh1-aaah
Vulnerability ID VCID-2qa3-pyh1-aaah
Aliases CVE-2007-6682
Summary Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter.
Status Published
Exploitability 2.0
Weighted Severity 6.8
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.21616 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.29899 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.71244 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.71244 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.71244 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.71244 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.71244 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.71244 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.71244 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.71244 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.71244 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.71244 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.71244 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.76609 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.76609 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.76609 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
epss 0.76609 https://api.first.org/data/v1/epss?cve=CVE-2007-6682
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2007-6682
Reference id Reference type URL
http://aluigi.altervista.org/adv/vlcboffs-adv.txt
http://osvdb.org/42208
https://api.first.org/data/v1/epss?cve=CVE-2007-6682
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6682
http://secunia.com/advisories/28233
http://secunia.com/advisories/29284
http://secunia.com/advisories/29766
http://securityreason.com/securityalert/3550
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14790
https://www.exploit-db.com/exploits/5519
http://trac.videolan.org/vlc/changeset/23839
http://www.debian.org/security/2008/dsa-1543
http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml
http://www.securityfocus.com/archive/1/485488/30/0/threaded
http://www.securityfocus.com/bid/27015
458318 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=458318
cpe:2.3:a:videolan:vlc:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:videolan:vlc:*:*:*:*:*:*:*:*
CVE-2007-6682 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/5519.c
CVE-2007-6682 https://nvd.nist.gov/vuln/detail/CVE-2007-6682
GLSA-200803-13 https://security.gentoo.org/glsa/200803-13
Data source Exploit-DB
Date added April 27, 2008
Description VideoLAN VLC Media Player 0.8.6d - 'httpd_FileCallBack' Remote Format String
Ransomware campaign use Known
Source publication date April 28, 2008
Exploit type remote
Platform windows
Source update date Nov. 23, 2016
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2007-6682
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.95234
EPSS Score 0.21616
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.