Vulnerabilities related to realnetworks - helix_player
cve-2005-2922
Vulnerability from cvelistv5
Published
2006-03-23 23:00
Modified
2024-08-07 22:53
Summary
Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:53:29.699Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.service.real.com/realplayer/security/03162006_player/en/" }, { "name": "19358", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19358" }, { "name": "oval:org.mitre.oval:def:11444", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11444" }, { "name": "SUSE-SA:2006:018", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_18_realplayer.html" }, { "name": "ADV-2006-1057", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1057" }, { "name": "1015808", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015808" }, { "name": "RHSA-2005:788", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-788.html" }, { "name": "realnetworks-chunked-transferencoding-bo(25409)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25409" }, { "name": "19365", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19365" }, { "name": "17202", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17202" }, { "name": "VU#172489", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/172489" }, { "name": "RHSA-2005:762", "tags": [ "vendor-advisory", 
"x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-762.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-03-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.service.real.com/realplayer/security/03162006_player/en/" }, { "name": "19358", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19358" }, { "name": "oval:org.mitre.oval:def:11444", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11444" }, { "name": "SUSE-SA:2006:018", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_18_realplayer.html" }, { "name": "ADV-2006-1057", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1057" }, { "name": "1015808", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015808" }, { "name": "RHSA-2005:788", 
"tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-788.html" }, { "name": "realnetworks-chunked-transferencoding-bo(25409)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25409" }, { "name": "19365", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19365" }, { "name": "17202", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17202" }, { "name": "VU#172489", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/172489" }, { "name": "RHSA-2005:762", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-762.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2922", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.service.real.com/realplayer/security/03162006_player/en/", "refsource": "CONFIRM", "url": "http://www.service.real.com/realplayer/security/03162006_player/en/" }, { "name": "19358", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19358" }, { "name": "oval:org.mitre.oval:def:11444", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11444" }, { "name": "SUSE-SA:2006:018", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_18_realplayer.html" }, { "name": "ADV-2006-1057", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1057" }, { "name": "1015808", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015808" }, { "name": "RHSA-2005:788", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-788.html" }, { "name": "realnetworks-chunked-transferencoding-bo(25409)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25409" }, { "name": "19365", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19365" }, { "name": "17202", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17202" }, { "name": "VU#172489", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/172489" }, { "name": "RHSA-2005:762", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-762.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2922", "datePublished": "2006-03-23T23:00:00", "dateReserved": "2005-09-15T00:00:00", "dateUpdated": "2024-08-07T22:53:29.699Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-0417
Vulnerability from cvelistv5
Published
2010-02-18 23:00
Modified
2024-08-07 00:45
Summary
Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a RuleBook structure with a large number of rule-separator characters that trigger heap memory corruption.
References
| URL | Tags |
|---|---|
| http://www.redhat.com/support/errata/RHSA-2010-0094.html | vendor-advisory, x_refsource_REDHAT |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11364 | vdb-entry, signature, x_refsource_OVAL |
| http://secunia.com/advisories/38450 | third-party-advisory, x_refsource_SECUNIA |
| http://lists.helixcommunity.org/pipermail/common-cvs/2008-January/015484.html | mailing-list, x_refsource_MLIST |
| https://helixcommunity.org/viewcvs/common/util/rlstate.cpp?view=log#rev1.10 | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=561860 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:45:12.279Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2010:0094", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" }, { "name": "oval:org.mitre.oval:def:11364", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11364" }, { "name": "38450", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38450" }, { "name": "[common-cvs] 20080114 util rlstate.cpp,1.9,1.10", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.helixcommunity.org/pipermail/common-cvs/2008-January/015484.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helixcommunity.org/viewcvs/common/util/rlstate.cpp?view=log#rev1.10" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561860" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-02-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a RuleBook structure with a large number of rule-separator characters that trigger heap memory corruption." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2010:0094", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" }, { "name": "oval:org.mitre.oval:def:11364", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11364" }, { "name": "38450", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38450" }, { "name": "[common-cvs] 20080114 util rlstate.cpp,1.9,1.10", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.helixcommunity.org/pipermail/common-cvs/2008-January/015484.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helixcommunity.org/viewcvs/common/util/rlstate.cpp?view=log#rev1.10" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561860" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-0417", "datePublished": "2010-02-18T23:00:00", "dateReserved": "2010-01-27T00:00:00", "dateUpdated": "2024-08-07T00:45:12.279Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-0416
Vulnerability from cvelistv5
Published
2010-02-18 23:00
Modified
2024-08-07 00:45
Summary
Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.
References
| URL | Tags |
|---|---|
| http://www.redhat.com/support/errata/RHSA-2010-0094.html | vendor-advisory, x_refsource_REDHAT |
| https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1 | x_refsource_CONFIRM |
| http://lists.helixcommunity.org/pipermail/common-cvs/2007-July/014956.html | mailing-list, x_refsource_MLIST |
| http://secunia.com/advisories/38450 | third-party-advisory, x_refsource_SECUNIA |
| https://bugzilla.redhat.com/show_bug.cgi?id=561856 | x_refsource_CONFIRM |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10847 | vdb-entry, signature, x_refsource_OVAL |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:45:12.255Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2010:0094", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1" }, { "name": "[common-cvs] 20070703 util hxurl.cpp,1.24.4.1,1.24.4.1.4.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.helixcommunity.org/pipermail/common-cvs/2007-July/014956.html" }, { "name": "38450", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38450" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561856" }, { "name": "oval:org.mitre.oval:def:10847", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10847" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-02-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2010:0094", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1" }, { "name": "[common-cvs] 20070703 util hxurl.cpp,1.24.4.1,1.24.4.1.4.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.helixcommunity.org/pipermail/common-cvs/2007-July/014956.html" }, { "name": "38450", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38450" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561856" }, { "name": "oval:org.mitre.oval:def:10847", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10847" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-0416", "datePublished": "2010-02-18T23:00:00", "dateReserved": "2010-01-27T00:00:00", "dateUpdated": "2024-08-07T00:45:12.255Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-2629
Vulnerability from cvelistv5
Published
2005-11-18 23:00
Modified
2024-08-07 22:30
Summary
Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player 1 and 2, and Helix Player 10.0.0 allows remote attackers to execute arbitrary code via an .rm movie file with a large value in the length field of the first data packet, which leads to a stack-based buffer overflow, a different vulnerability than CVE-2004-1481.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:30:01.849Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "169", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/169" }, { "name": "1015186", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015186" }, { "name": "AD20051110a", "tags": [ "third-party-advisory", "x_refsource_EEYE", "x_transferred" ], "url": "http://www.eeye.com/html/research/advisories/AD20051110a.html" }, { "name": "1015184", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015184" }, { "name": "17559", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17559" }, { "name": "EEYEB20050510", "tags": [ "third-party-advisory", "x_refsource_EEYE", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=113166476423021\u0026w=2" }, { "name": "17514", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17514/" }, { "name": "15381", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15381/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://service.real.com/help/faq/security/051110_player/EN/" }, { "name": "DSA-915", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-915" }, { "name": "oval:org.mitre.oval:def:9550", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9550" }, { "name": "17860", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/17860" }, { "name": "1015185", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015185" }, { "name": "realplayer-rm-datapacket-bo(23024)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23024" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-11-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player 1 and 2, and Helix Player 10.0.0 allows remote attackers to execute arbitrary code via an .rm movie file with a large value in the length field of the first data packet, which leads to a stack-based buffer overflow, a different vulnerability than CVE-2004-1481." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "169", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/169" }, { "name": "1015186", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015186" }, { "name": "AD20051110a", "tags": [ "third-party-advisory", "x_refsource_EEYE" ], "url": "http://www.eeye.com/html/research/advisories/AD20051110a.html" }, { "name": "1015184", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015184" }, { "name": "17559", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17559" }, { "name": "EEYEB20050510", "tags": [ "third-party-advisory", "x_refsource_EEYE" ], "url": "http://marc.info/?l=bugtraq\u0026m=113166476423021\u0026w=2" 
}, { "name": "17514", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17514/" }, { "name": "15381", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15381/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://service.real.com/help/faq/security/051110_player/EN/" }, { "name": "DSA-915", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-915" }, { "name": "oval:org.mitre.oval:def:9550", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9550" }, { "name": "17860", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17860" }, { "name": "1015185", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015185" }, { "name": "realplayer-rm-datapacket-bo(23024)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23024" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2629", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player 1 and 2, and Helix Player 10.0.0 allows remote attackers to execute arbitrary code via an .rm movie file with a large value in the length field of the first data packet, which leads to a stack-based buffer overflow, a different vulnerability than CVE-2004-1481." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "169", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/169" }, { "name": "1015186", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015186" }, { "name": "AD20051110a", "refsource": "EEYE", "url": "http://www.eeye.com/html/research/advisories/AD20051110a.html" }, { "name": "1015184", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015184" }, { "name": "17559", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17559" }, { "name": "EEYEB20050510", "refsource": "EEYE", "url": "http://marc.info/?l=bugtraq\u0026m=113166476423021\u0026w=2" }, { "name": "17514", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17514/" }, { "name": "15381", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15381/" }, { "name": "http://service.real.com/help/faq/security/051110_player/EN/", "refsource": "CONFIRM", "url": "http://service.real.com/help/faq/security/051110_player/EN/" }, { "name": "DSA-915", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-915" }, { "name": "oval:org.mitre.oval:def:9550", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9550" }, { "name": "17860", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17860" }, { "name": "1015185", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015185" }, { "name": "realplayer-rm-datapacket-bo(23024)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23024" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2629", "datePublished": "2005-11-18T23:00:00", "dateReserved": "2005-08-19T00:00:00", "dateUpdated": "2024-08-07T22:30:01.849Z", "state": "PUBLISHED" }, 
"dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-1481
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:53
Summary
Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a .rm movie file with a large length field for the data chunk, which leads to a heap-based buffer overflow.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/11309 | vdb-entry, x_refsource_BID |
| http://marc.info/?l=ntbugtraq&m=109708374115061&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://www.service.real.com/help/faq/security/040928_player/EN/ | x_refsource_CONFIRM |
| http://secunia.com/advisories/12672 | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17549 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:53:23.813Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "11309", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11309" }, { "name": "20041001 EEYE: RealPlayer pnen3260.dll Heap Overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=ntbugtraq\u0026m=109708374115061\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.service.real.com/help/faq/security/040928_player/EN/" }, { "name": "12672", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/12672" }, { "name": "realplayer-rm-code-execution(17549)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17549" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-10-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a .rm movie file with a large length field for the data chunk, which leads to a heap-based buffer overflow." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "11309", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11309" }, { "name": "20041001 EEYE: RealPlayer pnen3260.dll Heap Overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=ntbugtraq\u0026m=109708374115061\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.service.real.com/help/faq/security/040928_player/EN/" }, { "name": "12672", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/12672" }, { "name": "realplayer-rm-code-execution(17549)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17549" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1481", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a .rm movie file with a large length field for the data chunk, which leads to a heap-based buffer overflow." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "11309", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11309" }, { "name": "20041001 EEYE: RealPlayer pnen3260.dll Heap Overflow", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=ntbugtraq\u0026m=109708374115061\u0026w=2" }, { "name": "http://www.service.real.com/help/faq/security/040928_player/EN/", "refsource": "CONFIRM", "url": "http://www.service.real.com/help/faq/security/040928_player/EN/" }, { "name": "12672", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12672" }, { "name": "realplayer-rm-code-execution(17549)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17549" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1481", "datePublished": "2005-02-13T05:00:00", "dateReserved": "2005-02-13T00:00:00", "dateUpdated": "2024-08-08T00:53:23.813Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-2710
Vulnerability from cvelistv5
Published
2005-09-27 04:00
Modified
2024-08-07 22:45
Summary
Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the (1) image handle or (2) timeformat attribute in a RealPix (.rp) or RealText (.rt) file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:45:01.897Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "17127", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17127" }, { "name": "VU#361181", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/361181" }, { "name": "GLSA-200510-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-07.xml" }, { "name": "DSA-826", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-826" }, { "name": "27", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/27" }, { "name": "20050926 RealPlayer \u0026\u0026 HelixPlayer Remote Format String", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://marc.info/?l=full-disclosure\u0026m=112775929608219\u0026w=2" }, { "name": "16961", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/16961" }, { "name": "RHSA-2005:788", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-788.html" }, { "name": "16981", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/16981" }, { "name": "17116", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17116" }, { "name": "16954", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/16954" }, { "name": "oval:org.mitre.oval:def:11015", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", 
"x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11015" }, { "name": "SUSE-SA:2005:059", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2005_59_RealPlayer.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168078" }, { "name": "20050930 RealNetworks RealPlayer/HelixPlayer RealPix Format String Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://www.idefense.com/application/poi/display?id=311\u0026type=vulnerabilities" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.open-security.org/advisories/13" }, { "name": "41", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/41" }, { "name": "RHSA-2005:762", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-762.html" }, { "name": "20050926 RealPlayer \u0026\u0026 HelixPlayer Remote Format String Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112785544325326\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-09-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the (1) image handle or (2) timeformat attribute in a RealPix (.rp) or RealText (.rt) file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "17127", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17127" }, { "name": "VU#361181", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/361181" }, { "name": "GLSA-200510-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-07.xml" }, { "name": "DSA-826", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-826" }, { "name": "27", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/27" }, { "name": "20050926 RealPlayer \u0026\u0026 HelixPlayer Remote Format String", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://marc.info/?l=full-disclosure\u0026m=112775929608219\u0026w=2" }, { "name": "16961", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/16961" }, { "name": "RHSA-2005:788", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-788.html" }, { "name": "16981", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/16981" }, { "name": "17116", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17116" }, { "name": "16954", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/16954" }, { "name": "oval:org.mitre.oval:def:11015", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11015" }, { 
"name": "SUSE-SA:2005:059", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2005_59_RealPlayer.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168078" }, { "name": "20050930 RealNetworks RealPlayer/HelixPlayer RealPix Format String Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://www.idefense.com/application/poi/display?id=311\u0026type=vulnerabilities" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.open-security.org/advisories/13" }, { "name": "41", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/41" }, { "name": "RHSA-2005:762", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-762.html" }, { "name": "20050926 RealPlayer \u0026\u0026 HelixPlayer Remote Format String Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112785544325326\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2710", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the (1) image handle or (2) timeformat attribute in a RealPix (.rp) or RealText (.rt) file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "17127", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17127" }, { "name": "VU#361181", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/361181" }, { "name": "GLSA-200510-07", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-07.xml" }, { "name": "DSA-826", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-826" }, { "name": "27", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/27" }, { "name": "20050926 RealPlayer \u0026\u0026 HelixPlayer Remote Format String", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure\u0026m=112775929608219\u0026w=2" }, { "name": "16961", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16961" }, { "name": "RHSA-2005:788", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-788.html" }, { "name": "16981", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16981" }, { "name": "17116", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17116" }, { "name": "16954", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16954" }, { "name": "oval:org.mitre.oval:def:11015", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11015" }, { "name": "SUSE-SA:2005:059", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2005_59_RealPlayer.html" }, { "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168078", "refsource": "CONFIRM", "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168078" }, { "name": "20050930 RealNetworks RealPlayer/HelixPlayer RealPix Format String Vulnerability", "refsource": "IDEFENSE", "url": "http://www.idefense.com/application/poi/display?id=311\u0026type=vulnerabilities" }, { 
"name": "http://www.open-security.org/advisories/13", "refsource": "MISC", "url": "http://www.open-security.org/advisories/13" }, { "name": "41", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/41" }, { "name": "RHSA-2005:762", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-762.html" }, { "name": "20050926 RealPlayer \u0026\u0026 HelixPlayer Remote Format String Exploit", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=112785544325326\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2710", "datePublished": "2005-09-27T04:00:00", "dateReserved": "2005-08-26T00:00:00", "dateUpdated": "2024-08-07T22:45:01.897Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-4244
Vulnerability from cvelistv5
Published
2010-01-25 19:00
Modified
2024-08-07 06:54
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via an SIPR codec field with a small length value that triggers incorrect memory allocation.
References
URL | Tags | |
---|---|---|
http://www.vupen.com/english/advisories/2010/0178 | vdb-entry, x_refsource_VUPEN | |
http://securitytracker.com/id?1023489 | vdb-entry, x_refsource_SECTRACK | |
http://service.real.com/realplayer/security/01192010_player/en/ | x_refsource_CONFIRM | |
http://secunia.com/advisories/38218 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/37880 | vdb-entry, x_refsource_BID | |
http://www.zerodayinitiative.com/advisories/ZDI-10-008/ | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/55797 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/archive/1/509098/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:54:10.240Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2010-0178", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "name": "1023489", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1023489" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "name": "38218", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38218" }, { "name": "37880", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37880" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-008/" }, { "name": "realplayer-sipr-bo(55797)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55797" }, { "name": "20100121 ZDI-10-008: RealNetworks RealPlayer SIPR Codec Remote Code Execution Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/509098/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-01-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via an SIPR codec field with a small length value 
that triggers incorrect memory allocation." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2010-0178", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "name": "1023489", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1023489" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "name": "38218", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38218" }, { "name": "37880", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37880" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-008/" }, { "name": "realplayer-sipr-bo(55797)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55797" }, { "name": "20100121 ZDI-10-008: RealNetworks RealPlayer SIPR Codec Remote Code Execution Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/509098/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4244", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer 
Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via an SIPR codec field with a small length value that triggers incorrect memory allocation." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2010-0178", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "name": "1023489", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023489" }, { "name": "http://service.real.com/realplayer/security/01192010_player/en/", "refsource": "CONFIRM", "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "name": "38218", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38218" }, { "name": "37880", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37880" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-008/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-008/" }, { "name": "realplayer-sipr-bo(55797)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55797" }, { "name": "20100121 ZDI-10-008: RealNetworks RealPlayer SIPR Codec Remote Code Execution Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/509098/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4244", "datePublished": "2010-01-25T19:00:00", "dateReserved": "2009-12-09T00:00:00", "dateUpdated": "2024-08-07T06:54:10.240Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-4246
Vulnerability from cvelistv5
Published
2010-01-25 19:00
Modified
2024-08-07 06:54
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows user-assisted remote attackers to execute arbitrary code via a malformed .RJS skin file that contains a web.xmb file with crafted length values.
References
URL | Tags | |
---|---|---|
http://www.vupen.com/english/advisories/2010/0178 | vdb-entry, x_refsource_VUPEN | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/55799 | vdb-entry, x_refsource_XF | |
http://securitytracker.com/id?1023489 | vdb-entry, x_refsource_SECTRACK | |
http://service.real.com/realplayer/security/01192010_player/en/ | x_refsource_CONFIRM | |
http://www.zerodayinitiative.com/advisories/ZDI-10-010/ | x_refsource_MISC | |
http://www.securityfocus.com/archive/1/509104/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://secunia.com/advisories/38218 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/37880 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:54:10.207Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2010-0178", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "name": "realplayer-skin-bo(55799)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55799" }, { "name": "1023489", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1023489" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-010/" }, { "name": "20100121 ZDI-10-010: RealNetworks RealPlayer Skin Parsing Remote Code Execution Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/509104/100/0/threaded" }, { "name": "38218", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38218" }, { "name": "37880", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37880" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-01-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows user-assisted remote attackers to execute arbitrary code via a malformed .RJS skin file that 
contains a web.xmb file with crafted length values." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2010-0178", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "name": "realplayer-skin-bo(55799)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55799" }, { "name": "1023489", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1023489" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-010/" }, { "name": "20100121 ZDI-10-010: RealNetworks RealPlayer Skin Parsing Remote Code Execution Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/509104/100/0/threaded" }, { "name": "38218", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38218" }, { "name": "37880", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37880" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4246", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, 
RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows user-assisted remote attackers to execute arbitrary code via a malformed .RJS skin file that contains a web.xmb file with crafted length values." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2010-0178", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "name": "realplayer-skin-bo(55799)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55799" }, { "name": "1023489", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023489" }, { "name": "http://service.real.com/realplayer/security/01192010_player/en/", "refsource": "CONFIRM", "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-010/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-010/" }, { "name": "20100121 ZDI-10-010: RealNetworks RealPlayer Skin Parsing Remote Code Execution Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/509104/100/0/threaded" }, { "name": "38218", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38218" }, { "name": "37880", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37880" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4246", "datePublished": "2010-01-25T19:00:00", "dateReserved": "2009-12-09T00:00:00", "dateUpdated": "2024-08-07T06:54:10.207Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-0611
Vulnerability from cvelistv5
Published
2005-03-02 05:00
Modified
2024-08-07 21:21
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1, allows remote attackers to execute arbitrary code via .WAV files.
References
URL | Tags | |
---|---|---|
http://www.redhat.com/support/errata/RHSA-2005-271.html | vendor-advisory, x_refsource_REDHAT | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11419 | vdb-entry, signature, x_refsource_OVAL | |
http://service.real.com/help/faq/security/050224_player/EN/ | x_refsource_CONFIRM | |
http://www.redhat.com/support/errata/RHSA-2005-265.html | vendor-advisory, x_refsource_REDHAT | |
http://marc.info/?l=bugtraq&m=110979465912834&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://marc.info/?l=vulnwatch&m=110977858619314&w=2 | mailing-list, x_refsource_VULNWATCH |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:21:06.417Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2005:271", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-271.html" }, { "name": "oval:org.mitre.oval:def:11419", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11419" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://service.real.com/help/faq/security/050224_player/EN/" }, { "name": "RHSA-2005:265", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-265.html" }, { "name": "20050302 RealOne Player / Real .WAV Heap Overflow File Format Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110979465912834\u0026w=2" }, { "name": "20050302 RealOne Player / Real .WAV Heap Overflow File Format Vulnerability", "tags": [ "mailing-list", "x_refsource_VULNWATCH", "x_transferred" ], "url": "http://marc.info/?l=vulnwatch\u0026m=110977858619314\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-03-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1, allows remote attackers to execute arbitrary code via .WAV files." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2005:271", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-271.html" }, { "name": "oval:org.mitre.oval:def:11419", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11419" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://service.real.com/help/faq/security/050224_player/EN/" }, { "name": "RHSA-2005:265", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-265.html" }, { "name": "20050302 RealOne Player / Real .WAV Heap Overflow File Format Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=110979465912834\u0026w=2" }, { "name": "20050302 RealOne Player / Real .WAV Heap Overflow File Format Vulnerability", "tags": [ "mailing-list", "x_refsource_VULNWATCH" ], "url": "http://marc.info/?l=vulnwatch\u0026m=110977858619314\u0026w=2" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2005-0611", "datePublished": "2005-03-02T05:00:00", "dateReserved": "2005-03-02T00:00:00", "dateUpdated": "2024-08-07T21:21:06.417Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-0755
Vulnerability from cvelistv5
Published
2005-04-21 04:00
Modified
2024-08-07 21:28
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player before 10.0.4, and RealOne Player v1 and v2 allows remote attackers to execute arbitrary code via a long hostname in a RAM file.
References
URL | Tags | |
---|---|---|
http://www.redhat.com/support/errata/RHSA-2005-392.html | vendor-advisory, x_refsource_REDHAT | |
http://www.redhat.com/support/errata/RHSA-2005-363.html | vendor-advisory, x_refsource_REDHAT | |
http://www.redhat.com/archives/fedora-announce-list/2005-April/msg00040.html | vendor-advisory, x_refsource_FEDORA | |
http://marc.info/?l=bugtraq&m=111401615202987&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://service.real.com/help/faq/security/050419_player/EN/ | x_refsource_CONFIRM | |
http://www.redhat.com/support/errata/RHSA-2005-394.html | vendor-advisory, x_refsource_REDHAT | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11205 | vdb-entry, signature, x_refsource_OVAL | |
http://pb.specialised.info/all/adv/real-ram-adv.txt | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:28:27.188Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2005:392", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-392.html" }, { "name": "RHSA-2005:363", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-363.html" }, { "name": "FEDORA-2005-329", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://www.redhat.com/archives/fedora-announce-list/2005-April/msg00040.html" }, { "name": "20050420 RealNetworks RealPlayer/RealOne Player/Helix Player Remote Heap Overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=111401615202987\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://service.real.com/help/faq/security/050419_player/EN/" }, { "name": "RHSA-2005:394", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-394.html" }, { "name": "oval:org.mitre.oval:def:11205", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11205" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://pb.specialised.info/all/adv/real-ram-adv.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-04-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player before 10.0.4, and RealOne Player v1 and v2 allows remote attackers to execute arbitrary code via a long hostname in a 
RAM file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2005:392", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-392.html" }, { "name": "RHSA-2005:363", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-363.html" }, { "name": "FEDORA-2005-329", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://www.redhat.com/archives/fedora-announce-list/2005-April/msg00040.html" }, { "name": "20050420 RealNetworks RealPlayer/RealOne Player/Helix Player Remote Heap Overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=111401615202987\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://service.real.com/help/faq/security/050419_player/EN/" }, { "name": "RHSA-2005:394", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-394.html" }, { "name": "oval:org.mitre.oval:def:11205", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11205" }, { "tags": [ "x_refsource_MISC" ], "url": "http://pb.specialised.info/all/adv/real-ram-adv.txt" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2005-0755", "datePublished": "2005-04-21T04:00:00", "dateReserved": "2005-03-17T00:00:00", "dateUpdated": "2024-08-07T21:28:27.188Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-4245
Vulnerability from cvelistv5
Published
2010-01-25 19:00
Modified
2024-08-07 06:54
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:54:10.237Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2010:0094", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" }, { "name": "[datatype-cvs] 20080722 image/gif/common gifcodec.cpp, 1.6, 1.7 gifimage.cpp, 1.5, 1.6", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html" }, { "name": "ADV-2010-0178", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7" }, { "name": "61969", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/61969" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6" }, { "name": "1023489", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1023489" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "name": "38450", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38450" }, { "name": "oval:org.mitre.oval:def:9998", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5" }, { "name": "38218", "tags": 
[ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38218" }, { "name": "realplayer-gifimage-bo(55800)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55800" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441" }, { "name": "37880", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37880" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-01-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2010:0094", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" }, { "name": "[datatype-cvs] 20080722 image/gif/common gifcodec.cpp, 1.6, 1.7 gifimage.cpp, 1.5, 1.6", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html" }, { "name": "ADV-2010-0178", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7" }, { "name": "61969", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/61969" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6" }, { "name": "1023489", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1023489" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "name": "38450", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38450" }, { "name": "oval:org.mitre.oval:def:9998", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5" }, { "name": "38218", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38218" }, { "name": 
"realplayer-gifimage-bo(55800)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55800" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441" }, { "name": "37880", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37880" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4245", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2010:0094", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" }, { "name": "[datatype-cvs] 20080722 image/gif/common gifcodec.cpp, 1.6, 1.7 gifimage.cpp, 1.5, 1.6", "refsource": "MLIST", "url": "http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html" }, { "name": "ADV-2010-0178", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "name": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7", "refsource": "CONFIRM", "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7" }, { "name": "61969", "refsource": "OSVDB", "url": "http://osvdb.org/61969" }, { "name": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6", "refsource": "CONFIRM", "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6" }, { "name": "1023489", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023489" }, { "name": "http://service.real.com/realplayer/security/01192010_player/en/", "refsource": "CONFIRM", "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "name": "38450", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38450" }, { "name": "oval:org.mitre.oval:def:9998", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998" }, { "name": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5", "refsource": "CONFIRM", "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5" }, { "name": "38218", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38218" }, { "name": 
"realplayer-gifimage-bo(55800)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55800" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=561441", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441" }, { "name": "37880", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37880" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4245", "datePublished": "2010-01-25T19:00:00", "dateReserved": "2009-12-09T00:00:00", "dateUpdated": "2024-08-07T06:54:10.237Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-4243
Vulnerability from cvelistv5
Published
2010-01-25 19:00
Modified
2024-08-07 06:54
Summary
RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allow remote attackers to have an unspecified impact via a crafted media file that uses HTTP chunked transfer coding, related to an "overflow."
References
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2010/0178 | vdb-entry, x_refsource_VUPEN |
| http://securitytracker.com/id?1023489 | vdb-entry, x_refsource_SECTRACK |
| http://service.real.com/realplayer/security/01192010_player/en/ | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/55796 | vdb-entry, x_refsource_XF |
| http://osvdb.org/61967 | vdb-entry, x_refsource_OSVDB |
| http://secunia.com/advisories/38218 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/37880 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:54:10.171Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2010-0178", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "name": "1023489", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1023489" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "name": "realplayer-httpchunk-bo(55796)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55796" }, { "name": "61967", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/61967" }, { "name": "38218", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38218" }, { "name": "37880", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37880" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-01-19T00:00:00", "descriptions": [ { "lang": "en", "value": "RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allow remote attackers to have an unspecified impact via a crafted media file that uses HTTP chunked transfer coding, related to an \"overflow.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": 
"mitre" }, "references": [ { "name": "ADV-2010-0178", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "name": "1023489", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1023489" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "name": "realplayer-httpchunk-bo(55796)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55796" }, { "name": "61967", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/61967" }, { "name": "38218", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38218" }, { "name": "37880", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37880" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4243", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allow remote attackers to have an unspecified impact via a crafted media file that uses HTTP chunked transfer coding, related to an \"overflow.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2010-0178", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "name": "1023489", "refsource": "SECTRACK", 
"url": "http://securitytracker.com/id?1023489" }, { "name": "http://service.real.com/realplayer/security/01192010_player/en/", "refsource": "CONFIRM", "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "name": "realplayer-httpchunk-bo(55796)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55796" }, { "name": "61967", "refsource": "OSVDB", "url": "http://osvdb.org/61967" }, { "name": "38218", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38218" }, { "name": "37880", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37880" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4243", "datePublished": "2010-01-25T19:00:00", "dateReserved": "2009-12-09T00:00:00", "dateUpdated": "2024-08-07T06:54:10.171Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-0323
Vulnerability from cvelistv5
Published
2006-03-23 23:00
Modified
2024-08-07 16:34
Summary
Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:34:13.867Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.service.real.com/realplayer/security/03162006_player/en/" }, { "name": "19358", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19358" }, { "name": "SUSE-SA:2006:018", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_18_realplayer.html" }, { "name": "19362", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19362" }, { "name": "ADV-2006-1057", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1057" }, { "name": "RHSA-2006:0257", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0257.html" }, { "name": "690", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/690" }, { "name": "19365", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19365" }, { "name": "GLSA-200603-24", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml" }, { "name": "1015806", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015806" }, { "name": "17202", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17202" }, { "name": "20060411 Realplayer .SWF Multiple Remote Memory Corruption Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": 
"http://www.securityfocus.com/archive/1/430621/100/0/threaded" }, { "name": "realnetworks-swf-bo(25408)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25408" }, { "name": "19390", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19390" }, { "name": "VU#231028", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/231028" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-03-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.service.real.com/realplayer/security/03162006_player/en/" }, { "name": "19358", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19358" }, { "name": "SUSE-SA:2006:018", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_18_realplayer.html" }, { "name": "19362", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19362" }, { "name": "ADV-2006-1057", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1057" }, { "name": "RHSA-2006:0257", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0257.html" }, { "name": "690", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/690" }, { "name": "19365", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19365" }, { "name": "GLSA-200603-24", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml" }, { "name": "1015806", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015806" }, { "name": "17202", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17202" }, { "name": "20060411 Realplayer .SWF Multiple Remote Memory Corruption Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/430621/100/0/threaded" }, { "name": "realnetworks-swf-bo(25408)", "tags": [ "vdb-entry", 
"x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25408" }, { "name": "19390", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19390" }, { "name": "VU#231028", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/231028" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0323", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.service.real.com/realplayer/security/03162006_player/en/", "refsource": "CONFIRM", "url": "http://www.service.real.com/realplayer/security/03162006_player/en/" }, { "name": "19358", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19358" }, { "name": "SUSE-SA:2006:018", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_18_realplayer.html" }, { "name": "19362", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19362" }, { "name": "ADV-2006-1057", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1057" }, { "name": "RHSA-2006:0257", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2006-0257.html" }, { "name": "690", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/690" }, { "name": "19365", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19365" }, { "name": "GLSA-200603-24", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml" }, { "name": "1015806", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015806" }, { "name": "17202", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17202" }, { "name": "20060411 Realplayer .SWF Multiple Remote Memory Corruption Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/430621/100/0/threaded" }, { "name": "realnetworks-swf-bo(25408)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25408" }, { "name": "19390", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19390" }, { "name": "VU#231028", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/231028" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": 
"CVE-2006-0323", "datePublished": "2006-03-23T23:00:00", "dateReserved": "2006-01-19T00:00:00", "dateUpdated": "2024-08-07T16:34:13.867Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-4904
Vulnerability from cvelistv5
Published
2007-09-17 16:00
Modified
2024-08-07 15:08
Summary
RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player 1.0.6.778 on Fedora Core 6 (FC6) and possibly other platforms, allow user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error.
References
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36545 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/archive/1/479081/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/25627 | vdb-entry, x_refsource_BID |
| http://archives.neohapsis.com/archives/fulldisclosure/2007-09/0154.html | mailing-list, x_refsource_FULLDISC |
| http://osvdb.org/39904 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:08:33.971Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "realplayer-helixplayer-au-dos(36545)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36545" }, { "name": "20070911 RealPlayer/HelixPlayer .au Divide-By-Zero Denial of Service Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/479081/100/0/threaded" }, { "name": "25627", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25627" }, { "name": "20070911 RealPlayer/HelixPlayer .au Divide-By-Zero Denial of Service Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-09/0154.html" }, { "name": "39904", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/39904" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-09-11T00:00:00", "descriptions": [ { "lang": "en", "value": "RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player 1.0.6.778 on Fedora Core 6 (FC6) and possibly other platforms, allow user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "realplayer-helixplayer-au-dos(36545)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36545" }, { "name": "20070911 RealPlayer/HelixPlayer .au Divide-By-Zero Denial of Service Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/479081/100/0/threaded" }, { "name": "25627", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25627" }, { "name": "20070911 RealPlayer/HelixPlayer .au Divide-By-Zero Denial of Service Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-09/0154.html" }, { "name": "39904", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/39904" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4904", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player 1.0.6.778 on Fedora Core 6 (FC6) and possibly other platforms, allow user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "realplayer-helixplayer-au-dos(36545)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36545" }, { "name": "20070911 RealPlayer/HelixPlayer .au Divide-By-Zero Denial of Service Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/479081/100/0/threaded" }, { "name": "25627", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25627" }, { "name": "20070911 RealPlayer/HelixPlayer .au Divide-By-Zero Denial of Service Vulnerability", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-09/0154.html" }, { "name": "39904", "refsource": "OSVDB", "url": "http://osvdb.org/39904" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4904", "datePublished": "2007-09-17T16:00:00", "dateReserved": "2007-09-17T00:00:00", "dateUpdated": "2024-08-07T15:08:33.971Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-3410
Vulnerability from cvelistv5
Published
2007-06-26 22:00
Modified
2024-08-07 14:14
Summary
Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:14:13.469Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://service.real.com/realplayer/security/10252007_player/en/" }, { "name": "oval:org.mitre.oval:def:10554", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10554" }, { "name": "20070626 RealNetworks RealPlayer/HelixPlayer SMIL wallclock Stack Overflow Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547" }, { "name": "26463", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26463" }, { "name": "GLSA-200709-05", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200709-05.xml" }, { "name": "24658", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24658" }, { "name": "ADV-2007-2339", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2339" }, { "name": "realplayer-smiltime-wallclockvalue-bo(35088)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35088" }, { "name": "RHSA-2007:0841", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0841.html" }, { "name": "26828", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26828" }, { "name": "38342", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/38342" 
}, { "name": "VU#770904", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/770904" }, { "name": "RHSA-2007:0605", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0605.html" }, { "name": "25859", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25859" }, { "name": "37374", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/37374" }, { "name": "20071030 RealPlayer Updates of October 25, 2007", "tags": [ "mailing-list", "x_refsource_VIM", "x_transferred" ], "url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html" }, { "name": "ADV-2007-3628", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3628" }, { "name": "25819", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25819" }, { "name": "1018297", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1018297" }, { "name": "27361", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27361" }, { "name": "1018299", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1018299" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-06-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allows remote 
attackers to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://service.real.com/realplayer/security/10252007_player/en/" }, { "name": "oval:org.mitre.oval:def:10554", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10554" }, { "name": "20070626 RealNetworks RealPlayer/HelixPlayer SMIL wallclock Stack Overflow Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547" }, { "name": "26463", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26463" }, { "name": "GLSA-200709-05", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200709-05.xml" }, { "name": "24658", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24658" }, { "name": "ADV-2007-2339", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2339" }, { "name": "realplayer-smiltime-wallclockvalue-bo(35088)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35088" }, { "name": "RHSA-2007:0841", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0841.html" }, { "name": "26828", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26828" }, { "name": "38342", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/38342" }, { "name": 
"VU#770904", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/770904" }, { "name": "RHSA-2007:0605", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0605.html" }, { "name": "25859", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25859" }, { "name": "37374", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/37374" }, { "name": "20071030 RealPlayer Updates of October 25, 2007", "tags": [ "mailing-list", "x_refsource_VIM" ], "url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html" }, { "name": "ADV-2007-3628", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3628" }, { "name": "25819", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25819" }, { "name": "1018297", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1018297" }, { "name": "27361", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27361" }, { "name": "1018299", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1018299" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3410", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 
10.0.8, allows remote attackers to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://service.real.com/realplayer/security/10252007_player/en/", "refsource": "CONFIRM", "url": "http://service.real.com/realplayer/security/10252007_player/en/" }, { "name": "oval:org.mitre.oval:def:10554", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10554" }, { "name": "20070626 RealNetworks RealPlayer/HelixPlayer SMIL wallclock Stack Overflow Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547" }, { "name": "26463", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26463" }, { "name": "GLSA-200709-05", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200709-05.xml" }, { "name": "24658", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24658" }, { "name": "ADV-2007-2339", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2339" }, { "name": "realplayer-smiltime-wallclockvalue-bo(35088)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35088" }, { "name": "RHSA-2007:0841", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0841.html" }, { "name": "26828", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26828" }, { "name": "38342", "refsource": "OSVDB", "url": "http://osvdb.org/38342" }, { "name": "VU#770904", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/770904" }, { "name": "RHSA-2007:0605", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0605.html" }, { "name": "25859", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25859" }, { "name": "37374", "refsource": 
"OSVDB", "url": "http://osvdb.org/37374" }, { "name": "20071030 RealPlayer Updates of October 25, 2007", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html" }, { "name": "ADV-2007-3628", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3628" }, { "name": "25819", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25819" }, { "name": "1018297", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018297" }, { "name": "27361", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27361" }, { "name": "1018299", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018299" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3410", "datePublished": "2007-06-26T22:00:00", "dateReserved": "2007-06-26T00:00:00", "dateUpdated": "2024-08-07T14:14:13.469Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-4242
Vulnerability from cvelistv5
Published
2010-01-25 19:00
Modified
2024-08-07 06:54
Severity: not stated (no CVSS metrics appear in the record below)
EPSS score: not shown
Summary
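Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function in datatype/image/gif/common/gifcodec.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via a GIF file with crafted chunk sizes that trigger improper memory allocation.
Note: the structured "affected" entry in the record below gives vendor, product and version as "n/a", so tooling that matches on those fields will not flag this CVE; the affected versions are listed only in this summary. The references include the Helix Community CVS log for gifcodec.cpp at rev1.8, which appears to be the upstream fix, along with the RealNetworks and Red Hat advisories.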
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:54:10.208Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2010:0094", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" }, { "name": "ADV-2010-0178", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "name": "oval:org.mitre.oval:def:10144", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10144" }, { "name": "realplayer-gif-bo(55795)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55795" }, { "name": "1023489", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1023489" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561436" }, { "name": "[datatype-cvs] 20080909 image/gif/common gifcodec.cpp,1.7,1.8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-September/008633.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "name": "38450", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38450" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-006/" }, { "name": "61966", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/61966" }, { "name": "38218", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/38218" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.8" }, { "name": "20100121 ZDI-10-006: RealNetworks RealPlayer GIF Handling Remote Code Execution Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/509096/100/0/threaded" }, { "name": "37880", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37880" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-01-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function in datatype/image/gif/common/gifcodec.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via a GIF file with crafted chunk sizes that trigger improper memory allocation." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2010:0094", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" }, { "name": "ADV-2010-0178", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "name": "oval:org.mitre.oval:def:10144", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10144" }, { "name": "realplayer-gif-bo(55795)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55795" }, { "name": "1023489", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1023489" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561436" }, { "name": "[datatype-cvs] 20080909 image/gif/common gifcodec.cpp,1.7,1.8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-September/008633.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "name": "38450", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38450" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-006/" }, { "name": "61966", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/61966" }, { "name": "38218", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38218" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.8" }, { "name": "20100121 ZDI-10-006: RealNetworks RealPlayer GIF Handling Remote Code Execution Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/509096/100/0/threaded" }, { "name": "37880", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37880" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4242", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function in datatype/image/gif/common/gifcodec.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via a GIF file with crafted chunk sizes that trigger improper memory allocation." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2010:0094", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" }, { "name": "ADV-2010-0178", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "name": "oval:org.mitre.oval:def:10144", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10144" }, { "name": "realplayer-gif-bo(55795)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55795" }, { "name": "1023489", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023489" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=561436", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561436" }, { "name": "[datatype-cvs] 20080909 image/gif/common gifcodec.cpp,1.7,1.8", "refsource": "MLIST", "url": "http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-September/008633.html" }, { "name": "http://service.real.com/realplayer/security/01192010_player/en/", "refsource": "CONFIRM", "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "name": "38450", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38450" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-006/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-006/" }, { "name": "61966", "refsource": "OSVDB", "url": "http://osvdb.org/61966" }, { "name": "38218", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38218" }, { "name": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.8", "refsource": "CONFIRM", "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.8" }, { "name": "20100121 ZDI-10-006: RealNetworks RealPlayer GIF 
Handling Remote Code Execution Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/509096/100/0/threaded" }, { "name": "37880", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37880" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4242", "datePublished": "2010-01-25T19:00:00", "dateReserved": "2009-12-09T00:00:00", "dateUpdated": "2024-08-07T06:54:10.208Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-4247
Vulnerability from cvelistv5
Published
2010-01-25 19:00
Modified
2024-08-07 06:54
Severity: not stated (no CVSS metrics appear in the record below)
EPSS score: not shown
Summary
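Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.x; RealPlayer SP 1.0.0 and 1.0.1; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, 11.0, and 11.0.1; Linux RealPlayer 10, 11.0.0, and 11.0.1; and Helix Player 10.x, 11.0.0, and 11.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an ASM RuleBook with a large number of rules, related to an "array overflow."
Note: the structured "affected" entry in the record below gives vendor, product and version as "n/a", so tooling that matches on those fields will not flag this CVE; the affected versions are listed only in this summary. The references include the Helix Community CVS log for rtspclnt.cpp at rev1.245, which appears to be the upstream fix, along with the RealNetworks and Red Hat advisories.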
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:54:10.219Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2010:0094", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" }, { "name": "ADV-2010-0178", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "name": "1023489", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1023489" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "name": "38450", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38450" }, { "name": "oval:org.mitre.oval:def:10677", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10677" }, { "name": "[protocol-cvs] 20090828 rtsp rtspclnt.cpp,1.244,1.245", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.helixcommunity.org/pipermail/protocol-cvs/2009-August/001943.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helixcommunity.org/viewcvs/protocol/rtsp/rtspclnt.cpp?view=log#rev1.245" }, { "name": "[helix-client-dev] 20090828 CR: 249097 - Security fix - urgent CR requested", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.helixcommunity.org/pipermail/helix-client-dev/2009-August/008092.html" }, { "name": "38218", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38218" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=561338" }, { "name": "37880", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37880" }, { "name": "realplayer-rulebook-overflow(55802)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55802" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-01-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.x; RealPlayer SP 1.0.0 and 1.0.1; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, 11.0, and 11.0.1; Linux RealPlayer 10, 11.0.0, and 11.0.1; and Helix Player 10.x, 11.0.0, and 11.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an ASM RuleBook with a large number of rules, related to an \"array overflow.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2010:0094", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" }, { "name": "ADV-2010-0178", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "name": "1023489", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1023489" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "name": "38450", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], 
"url": "http://secunia.com/advisories/38450" }, { "name": "oval:org.mitre.oval:def:10677", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10677" }, { "name": "[protocol-cvs] 20090828 rtsp rtspclnt.cpp,1.244,1.245", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.helixcommunity.org/pipermail/protocol-cvs/2009-August/001943.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helixcommunity.org/viewcvs/protocol/rtsp/rtspclnt.cpp?view=log#rev1.245" }, { "name": "[helix-client-dev] 20090828 CR: 249097 - Security fix - urgent CR requested", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.helixcommunity.org/pipermail/helix-client-dev/2009-August/008092.html" }, { "name": "38218", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38218" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561338" }, { "name": "37880", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37880" }, { "name": "realplayer-rulebook-overflow(55802)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55802" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4247", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.x; RealPlayer SP 1.0.0 and 1.0.1; RealPlayer Enterprise; Mac 
RealPlayer 10, 10.1, 11.0, and 11.0.1; Linux RealPlayer 10, 11.0.0, and 11.0.1; and Helix Player 10.x, 11.0.0, and 11.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an ASM RuleBook with a large number of rules, related to an \"array overflow.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2010:0094", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" }, { "name": "ADV-2010-0178", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "name": "1023489", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023489" }, { "name": "http://service.real.com/realplayer/security/01192010_player/en/", "refsource": "CONFIRM", "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "name": "38450", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38450" }, { "name": "oval:org.mitre.oval:def:10677", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10677" }, { "name": "[protocol-cvs] 20090828 rtsp rtspclnt.cpp,1.244,1.245", "refsource": "MLIST", "url": "http://lists.helixcommunity.org/pipermail/protocol-cvs/2009-August/001943.html" }, { "name": "https://helixcommunity.org/viewcvs/protocol/rtsp/rtspclnt.cpp?view=log#rev1.245", "refsource": "CONFIRM", "url": "https://helixcommunity.org/viewcvs/protocol/rtsp/rtspclnt.cpp?view=log#rev1.245" }, { "name": "[helix-client-dev] 20090828 CR: 249097 - Security fix - urgent CR requested", "refsource": "MLIST", "url": "http://lists.helixcommunity.org/pipermail/helix-client-dev/2009-August/008092.html" }, { "name": "38218", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38218" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=561338", "refsource": "CONFIRM", 
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561338" }, { "name": "37880", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37880" }, { "name": "realplayer-rulebook-overflow(55802)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55802" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4247", "datePublished": "2010-01-25T19:00:00", "dateReserved": "2009-12-09T00:00:00", "dateUpdated": "2024-08-07T06:54:10.219Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-4257
Vulnerability from cvelistv5
Published
2010-01-25 19:00
Modified
2024-08-07 06:54
Severity: not stated (no CVSS metrics appear in the visible part of the record below)
EPSS score: not shown
Summary
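Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths.
Note: the structured "affected" entry in the record below gives vendor, product and version as "n/a", so tooling that matches on those fields will not flag this CVE; the affected versions are listed only in this summary. The references include the Helix Community CVS log for smlpkt.cpp at rev1.12, which appears to be the upstream fix, along with the RealNetworks and Red Hat advisories.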
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:54:10.213Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2010:0094", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" }, { "name": "20100121 ZDI-10-007: RealNetworks RealPlayer SMIL getAtom Remote Code Execution Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/509105/100/0/threaded" }, { "name": "ADV-2010-0178", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "name": "[datatype-cvs] 20080916 smil/common smlpkt.cpp,1.11,1.12", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-September/008678.html" }, { "name": "realnetworks-realplayer-smil-bo(55798)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55798" }, { "name": "1023489", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1023489" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561309" }, { "name": "38450", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38450" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helixcommunity.org/viewcvs/datatype/smil/common/smlpkt.cpp?view=log#rev1.12" }, { "name": "oval:org.mitre.oval:def:11110", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11110" }, { "name": "38218", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38218" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-007/" }, { "name": "37880", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37880" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-01-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2010:0094", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" }, { "name": "20100121 ZDI-10-007: RealNetworks RealPlayer SMIL getAtom Remote Code Execution Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/509105/100/0/threaded" }, { "name": "ADV-2010-0178", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "name": "[datatype-cvs] 20080916 smil/common smlpkt.cpp,1.11,1.12", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-September/008678.html" }, { "name": "realnetworks-realplayer-smil-bo(55798)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55798" }, { "name": "1023489", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1023489" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561309" }, { "name": "38450", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38450" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helixcommunity.org/viewcvs/datatype/smil/common/smlpkt.cpp?view=log#rev1.12" }, { "name": "oval:org.mitre.oval:def:11110", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11110" }, { "name": "38218", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38218" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-007/" }, { "name": "37880", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37880" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4257", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2010:0094", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" }, { "name": "20100121 ZDI-10-007: RealNetworks RealPlayer SMIL getAtom Remote Code Execution Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/509105/100/0/threaded" }, { "name": "ADV-2010-0178", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "name": "[datatype-cvs] 20080916 smil/common smlpkt.cpp,1.11,1.12", "refsource": "MLIST", "url": "http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-September/008678.html" }, { "name": "realnetworks-realplayer-smil-bo(55798)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55798" }, { "name": "1023489", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023489" }, { "name": "http://service.real.com/realplayer/security/01192010_player/en/", "refsource": "CONFIRM", "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=561309", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561309" }, { "name": "38450", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38450" }, { "name": "https://helixcommunity.org/viewcvs/datatype/smil/common/smlpkt.cpp?view=log#rev1.12", "refsource": "CONFIRM", "url": "https://helixcommunity.org/viewcvs/datatype/smil/common/smlpkt.cpp?view=log#rev1.12" }, { "name": "oval:org.mitre.oval:def:11110", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11110" }, { "name": "38218", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38218" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-007/", "refsource": "MISC", "url": 
"http://www.zerodayinitiative.com/advisories/ZDI-10-007/" }, { "name": "37880", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37880" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4257", "datePublished": "2010-01-25T19:00:00", "dateReserved": "2009-12-09T00:00:00", "dateUpdated": "2024-08-07T06:54:10.213Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-4241
Vulnerability from cvelistv5
Published
2010-01-25 19:00
Modified
2024-08-07 06:54
Summary
Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleBook structures that trigger heap memory corruption.
References
URL | Tags | |
---|---|---|
http://www.vupen.com/english/advisories/2010/0178 | vdb-entry, x_refsource_VUPEN | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/55794 | vdb-entry, x_refsource_XF | |
http://securitytracker.com/id?1023489 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/archive/1/509100/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://service.real.com/realplayer/security/01192010_player/en/ | x_refsource_CONFIRM | |
http://www.zerodayinitiative.com/advisories/ZDI-10-005/ | x_refsource_MISC | |
http://secunia.com/advisories/38218 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/37880 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:54:10.146Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2010-0178", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "name": "realplayer-asmrulebook-bo(55794)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55794" }, { "name": "1023489", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1023489" }, { "name": "20100121 ZDI-10-005: RealNetworks RealPlayer ASMRulebook Remote Code Execution Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/509100/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-005/" }, { "name": "38218", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38218" }, { "name": "37880", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37880" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-01-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleBook structures 
that trigger heap memory corruption." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2010-0178", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "name": "realplayer-asmrulebook-bo(55794)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55794" }, { "name": "1023489", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1023489" }, { "name": "20100121 ZDI-10-005: RealNetworks RealPlayer ASMRulebook Remote Code Execution Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/509100/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-005/" }, { "name": "38218", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38218" }, { "name": "37880", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37880" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4241", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer 
Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleBook structures that trigger heap memory corruption." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2010-0178", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "name": "realplayer-asmrulebook-bo(55794)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55794" }, { "name": "1023489", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023489" }, { "name": "20100121 ZDI-10-005: RealNetworks RealPlayer ASMRulebook Remote Code Execution Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/509100/100/0/threaded" }, { "name": "http://service.real.com/realplayer/security/01192010_player/en/", "refsource": "CONFIRM", "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-005/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-005/" }, { "name": "38218", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38218" }, { "name": "37880", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37880" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4241", "datePublished": "2010-01-25T19:00:00", "dateReserved": "2009-12-09T00:00:00", "dateUpdated": "2024-08-07T06:54:10.146Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-4248
Vulnerability from cvelistv5
Published
2010-01-25 19:00
Modified
2024-08-07 06:54
Summary
Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:54:10.214Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561361" }, { "name": "RHSA-2010:0094", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" }, { "name": "ADV-2010-0178", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.55.2.19" }, { "name": "1023489", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1023489" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "name": "38450", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38450" }, { "name": "[client-dev] 20080117 CR: fix for bug 211210", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.helixcommunity.org/pipermail/client-dev/2008-January/004591.html" }, { "name": "[client-cvs] 20080117 core rtspprotocol.cpp,1.85,1.86", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003759.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.86" }, { "name": "38218", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38218" }, { "name": "oval:org.mitre.oval:def:10641", "tags": [ "vdb-entry", "signature", 
"x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10641" }, { "name": "[client-cvs] 20080117 core rtspprotocol.cpp,1.55.2.18,1.55.2.19", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003756.html" }, { "name": "37880", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37880" }, { "name": "realplayer-rtsp-setparameter-bo(55801)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55801" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-01-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561361" }, { "name": "RHSA-2010:0094", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" }, { "name": "ADV-2010-0178", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.55.2.19" }, { "name": "1023489", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1023489" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "name": "38450", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38450" }, { "name": "[client-dev] 20080117 CR: fix for bug 211210", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.helixcommunity.org/pipermail/client-dev/2008-January/004591.html" }, { "name": "[client-cvs] 20080117 core rtspprotocol.cpp,1.85,1.86", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003759.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.86" }, { "name": "38218", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38218" }, { "name": "oval:org.mitre.oval:def:10641", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10641" }, { 
"name": "[client-cvs] 20080117 core rtspprotocol.cpp,1.55.2.18,1.55.2.19", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003756.html" }, { "name": "37880", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37880" }, { "name": "realplayer-rtsp-setparameter-bo(55801)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55801" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4248", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=561361", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561361" }, { "name": "RHSA-2010:0094", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" }, { "name": "ADV-2010-0178", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "name": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.55.2.19", "refsource": "CONFIRM", "url": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.55.2.19" }, { "name": "1023489", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023489" }, { "name": "http://service.real.com/realplayer/security/01192010_player/en/", "refsource": "CONFIRM", "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "name": "38450", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38450" }, { "name": "[client-dev] 20080117 CR: fix for bug 211210", "refsource": "MLIST", "url": "http://lists.helixcommunity.org/pipermail/client-dev/2008-January/004591.html" }, { "name": "[client-cvs] 20080117 core rtspprotocol.cpp,1.85,1.86", "refsource": "MLIST", "url": "http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003759.html" }, { "name": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.86", "refsource": "CONFIRM", "url": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.86" }, { "name": "38218", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38218" }, { "name": "oval:org.mitre.oval:def:10641", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10641" }, { "name": "[client-cvs] 20080117 core 
rtspprotocol.cpp,1.55.2.18,1.55.2.19", "refsource": "MLIST", "url": "http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003756.html" }, { "name": "37880", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37880" }, { "name": "realplayer-rtsp-setparameter-bo(55801)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55801" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4248", "datePublished": "2010-01-25T19:00:00", "dateReserved": "2009-12-09T00:00:00", "dateUpdated": "2024-08-07T06:54:10.214Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2024-11-21 00:00
Summary
Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:helix_player:10.0:*:linux:*:*:*:*:*", "matchCriteriaId": "E971D8BF-C1B8-4489-9824-D7F1ACBA8DFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:helix_player:10.0.1:*:linux:*:*:*:*:*", "matchCriteriaId": "42C40382-8A43-47BC-B112-1FF87D513F8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:helix_player:10.0.2:*:linux:*:*:*:*:*", "matchCriteriaId": "41015020-77F1-4604-8F90-1D3398ABF96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:helix_player:10.0.3:*:linux:*:*:*:*:*", "matchCriteriaId": "8F09FC85-710E-4B98-BB7B-D388F3EB58DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:helix_player:10.0.4:*:linux:*:*:*:*:*", "matchCriteriaId": "0CCEE460-284C-408D-A4FB-A49622004E84", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:helix_player:10.0.5:*:linux:*:*:*:*:*", "matchCriteriaId": "82258764-D89B-482B-BB7E-31D86BD6C586", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:helix_player:10.0.6:*:linux:*:*:*:*:*", "matchCriteriaId": "7621E796-2AF1-447B-B350-74841A85855E", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realone_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5695A49-561F-434E-92AE-AEF13162BD78", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realone_player:0.288:*:mac_os_x:*:*:*:*:*", "matchCriteriaId": "FA36B216-65D0-490C-8102-7D99D21417CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realone_player:0.297:*:mac_os_x:*:*:*:*:*", "matchCriteriaId": "CD6C057A-407C-4794-9250-80E07C8E09CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "7E940DAB-0CD5-4EC0-916F-6C0B2AE26D19", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:realnetworks:realplayer:*:*:enterprise:*:*:*:*:*", "matchCriteriaId": "19BC5A59-BCBD-4859-8329-B4974D43DB90", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:win32:*:*:*:*:*", "matchCriteriaId": "003D7E29-9970-4984-9756-C070E15B7979", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0.0.305:*:mac_os:*:*:*:*:*", "matchCriteriaId": "3ADE53B2-53D5-4E84-9CFF-9D7C12727115", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0.0.331:*:mac_os:*:*:*:*:*", "matchCriteriaId": "EB4B64DF-7D14-460C-AE2D-02C67575CC9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0.1:*:linux:*:*:*:*:*", "matchCriteriaId": "382E5B10-AE07-4325-BEE7-7B0432CDF845", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0.2:*:linux:*:*:*:*:*", "matchCriteriaId": "96897C76-EB4F-49A7-997E-C735CDD2B83A", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0.3:*:linux:*:*:*:*:*", "matchCriteriaId": "10A106E1-78FE-4CA3-9B3B-956B88E758E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0.4:*:linux:*:*:*:*:*", "matchCriteriaId": "7E2DC70C-42FF-493D-AA17-4BE1EA475839", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0.5:*:linux:*:*:*:*:*", "matchCriteriaId": "71ACF9F5-6779-41FD-9F96-4DD202035DEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0.6:*:linux:*:*:*:*:*", "matchCriteriaId": "F29F875A-883C-4C8D-BF8D-4A1D83286A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*", "matchCriteriaId": 
"91278EFD-0285-4389-9C53-50FE225C3C19", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1053:*:*:*:*:*:*:*", "matchCriteriaId": "336246FA-A06F-4792-9923-E6948F3494FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1056:*:*:*:*:*:*:*", "matchCriteriaId": "06C7BF07-8B9A-4BDF-BEA9-C55ABDEA8165", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1059:*:*:*:*:*:*:*", "matchCriteriaId": "CEC15988-96A0-4EBE-BF99-14D46F5A9553", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1069:*:*:*:*:*:*:*", "matchCriteriaId": "41F65BDA-393F-4274-B193-B578255DB013", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1235:*:*:*:*:*:*:*", "matchCriteriaId": "8D4CADDC-84D2-45D9-99BA-A662D7490154", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:rhapsody:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EC2B8F89-AFE2-4029-A9D3-88C99EC4774C", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:rhapsody:3.0_build_0.815:*:*:*:*:*:*:*", "matchCriteriaId": "6BDA20ED-8151-44EC-AAFC-A273E918AE29", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header." 
} ], "id": "CVE-2005-2922", "lastModified": "2024-11-21T00:00:43.623", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19358" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19365" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015808" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/172489" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.novell.com/linux/security/advisories/2006_18_realplayer.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-762.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-788.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/17202" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.service.real.com/realplayer/security/03162006_player/en/" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/1057" }, { "source": "cve@mitre.org", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/25409" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11444" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19358" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19365" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015808" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/172489" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.novell.com/linux/security/advisories/2006_18_realplayer.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-762.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-788.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/17202" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.service.real.com/realplayer/security/03162006_player/en/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/1057" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25409" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11444" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": 
"Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-01-25 19:30
Modified
2024-11-21 01:09
Summary
Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function in datatype/image/gif/common/gifcodec.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via a GIF file with crafted chunk sizes that trigger improper memory allocation.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 10.5 | |
realnetworks | realplayer | 11.0 | |
realnetworks | realplayer | 11.0.1 | |
realnetworks | realplayer | 11.0.2 | |
realnetworks | realplayer | 11.0.3 | |
realnetworks | realplayer | 11.0.4 | |
realnetworks | realplayer | 11.0.5 | |
realnetworks | realplayer_enterprise | * | |
realnetworks | realplayer_sp | 1.0.0 | |
realnetworks | realplayer_sp | 1.0.1 | |
microsoft | windows | * | |
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 10.1 | |
realnetworks | realplayer | 11.0 | |
realnetworks | realplayer | 11.0.1 | |
apple | mac_os_x | * | |
realnetworks | helix_player | 10.0 | |
realnetworks | helix_player | 11.0.0 | |
realnetworks | helix_player | 11.0.1 | |
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 11.0.0 | |
realnetworks | realplayer | 11.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "11B7CB5F-ACFA-439B-A9B7-54DA402A6029", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B2A681B8-62F1-4B23-9E0B-39C61BE72F44", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F826B276-91E6-495E-B429-51B1C5ECB146", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0A732E6C-108F-447F-98B1-EA774A0537EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "F948D474-2380-482C-8A63-88984AC2A86B", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8BFD9C4F-E93B-4BCE-A5E2-A20945EB8534", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5BBEBAA2-4892-4F9E-8C0E-94CA90DCD28D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { 
"nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "F1D2A323-5614-4569-AFE5-49CB99ACA279", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:helix_player:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "74F2CA71-BD09-451C-931C-433024B6BF87", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:helix_player:11.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FD002505-9F93-4243-BCF9-89421FDB7C0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:helix_player:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "94D7BB02-13EA-4F39-B751-DDF9AB50F868", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:linux:*:*:*:*:*", "matchCriteriaId": "63F83DBE-F01B-4D6B-9CC4-D5170C2C1D44", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.0:*:linux:*:*:*:*:*", "matchCriteriaId": "C9C8FE03-BB75-4F67-ADE4-891B6B956018", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:linux:*:*:*:*:*", "matchCriteriaId": "A1577DE0-6C52-4BE6-8E5F-D90B2DAE8BD2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the 
CGIFCodec::GetPacketBuffer function in datatype/image/gif/common/gifcodec.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via a GIF file with crafted chunk sizes that trigger improper memory allocation." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en RealNetworks RealPlayer 10, RealPlayer v10.5 6.0.12.1040 hasta v6.0.12.1741, RealPlayer 11 v11.0.0 hasta v11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 y v10.1, Linux RealPlayer 10, y Helix Player v10.x, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero GIF con los tama\u00f1os de los fragmentos manipulados, que provocan un posicionamiento de memoria err\u00f3neo." } ], "evaluatorComment": "Specific affected release information can be found from RealNetworks at: \r\n\r\nhttp://service.real.com/realplayer/security/01192010_player/en/", "id": "CVE-2009-4242", "lastModified": "2024-11-21T01:09:13.940", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-01-25T19:30:01.090", "references": [ { "source": "cve@mitre.org", "url": "http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-September/008633.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/61966" }, { 
"source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38218" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/38450" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1023489" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/509096/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37880" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-006/" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561436" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55795" }, { "source": "cve@mitre.org", "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.8" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10144" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-September/008633.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/61966" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38218" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/38450" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1023489" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/509096/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37880" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-006/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561436" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55795" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10144" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-03-23 23:06
Modified
2024-11-21 00:06
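Severity
HIGH: CVSS v2.0 base score 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C), taken from the NVD primary metrics in the record below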
Summary
Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
realnetworks | helix_player | * | |
realnetworks | realone_player | * | |
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 10.0.6 | |
realnetworks | realplayer | 10.5 | |
realnetworks | rhapsody | 3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:helix_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B288E1C-4511-482A-B39D-E6BB9585AF18", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realone_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5695A49-561F-434E-92AE-AEF13162BD78", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:gold:*:*:*:*:*:*", "matchCriteriaId": "F1E6B49C-BDF7-41A8-A6B4-4AA1A47C87FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "B857582E-8B1A-4ED4-8C0C-9D8D5BDD1E31", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:rhapsody:3:*:*:*:*:*:*:*", "matchCriteriaId": "91156125-28D3-498A-9521-F748D9FA7FF7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations." }, { "lang": "es", "value": "Desbordamiento de buffer en swfformat.dll en m\u00faltiples productos y versiones RealNetworks incluyendo RealPlayer 10.x, RealOne Player, Rhapsody 3 y Helix Player permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo SWF (Flash) manipulado con (1) un valor de tama\u00f1o que es menor que el tama\u00f1o real o (2) otras manipulaciones no especificadas." 
} ], "id": "CVE-2006-0323", "lastModified": "2024-11-21T00:06:11.873", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-03-23T23:06:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19358" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19362" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19365" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19390" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/690" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015806" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/231028" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.novell.com/linux/security/advisories/2006_18_realplayer.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0257.html" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/archive/1/430621/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/17202" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.service.real.com/realplayer/security/03162006_player/en/" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1057" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25408" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19358" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19362" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19365" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19390" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/690" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015806" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/231028" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.novell.com/linux/security/advisories/2006_18_realplayer.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0257.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/archive/1/430621/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/17202" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.service.real.com/realplayer/security/03162006_player/en/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1057" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25408" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:50
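Severity
MEDIUM: CVSS v2.0 base score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P), taken from the NVD primary metrics in the record below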
Summary
Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a .rm movie file with a large length field for the data chunk, which leads to a heap-based buffer overflow.
References
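Impacted products
Note: rows that repeat realplayer 8.0 and 10.0 are distinct CPE entries in the record below. They differ in fields the table omits (a target platform such as linux, mac_os_x or unix, a language of de, en or ja, or a beta update), so match against the full cpeMatch criteria rather than the version column alone.
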
Vendor | Product | Version | |
---|---|---|---|
realnetworks | helix_player | 1.0 | |
realnetworks | realone_player | 1.0 | |
realnetworks | realone_player | 2.0 | |
realnetworks | realone_player | 9.0.0.288 | |
realnetworks | realone_player | 9.0.0.297 | |
realnetworks | realplayer | - | |
realnetworks | realplayer | 8.0 | |
realnetworks | realplayer | 8.0 | |
realnetworks | realplayer | 8.0 | |
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 10.0_6.0.12.690 | |
realnetworks | realplayer | 10.5 | |
realnetworks | realplayer | 10.5_6.0.12.1016 | |
realnetworks | realplayer | 10.5_6.0.12.1040 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:helix_player:1.0:*:*:*:*:linux:*:*", "matchCriteriaId": "F40AA63E-932B-45B4-BA21-F22AEF66D6DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "7E940DAB-0CD5-4EC0-916F-6C0B2AE26D19", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realone_player:9.0.0.288:*:*:*:*:macos:*:*", "matchCriteriaId": "E6C291C3-9F2E-4197-91EB-C5D845E595D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realone_player:9.0.0.297:*:*:*:*:macos:*:*", "matchCriteriaId": "D2866B30-6EF7-4941-8846-73F82A04D395", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:-:*:*:*:enterprise:*:*:*", "matchCriteriaId": "16C148F6-427A-4D90-966E-9A6BECEAEF9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4E6051B4-1B15-44C0-B2CD-5504E68C60F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:mac_os_x:*:*", "matchCriteriaId": "50511368-4765-489B-B2ED-8214887BCB37", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:unix:*:*", "matchCriteriaId": "28E2C43D-3BF4-44FA-A6D2-275BF5FB33DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:linux:*:*", "matchCriteriaId": "ADD8B4E8-7315-4FC4-A339-6D65CC32A5DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:de:*:*:*:*", "matchCriteriaId": "EF2A171E-6E39-4FCC-88CC-655D18232FCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:en:*:*:*:*", 
"matchCriteriaId": "4EBB6E97-C8C0-49A7-BCDA-794C4986BAA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:ja:*:*:*:*", "matchCriteriaId": "0C9031C2-95D1-46D0-965A-F4BAA76FB29F", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:beta:*:*:*:*:*:*", "matchCriteriaId": "B4B6C4B6-9031-451B-B58B-45DA88173E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:beta:*:*:*:mac_os_x:*:*", "matchCriteriaId": "28D7D8D5-42BD-42E3-B193-CF18CD40991A", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0_6.0.12.690:*:*:*:*:*:*:*", "matchCriteriaId": "01513F87-049E-46A9-A573-A7AF27EB30C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1016:beta:*:*:*:*:*:*", "matchCriteriaId": "A75F4FE1-F3DA-493F-87B5-E1D2410949A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*", "matchCriteriaId": "91278EFD-0285-4389-9C53-50FE225C3C19", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a .rm movie file with a large length field for the data chunk, which leads to a heap-based buffer overflow." 
} ], "id": "CVE-2004-1481", "lastModified": "2024-11-20T23:50:59.550", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=ntbugtraq\u0026m=109708374115061\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/12672" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/11309" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.service.real.com/help/faq/security/040928_player/EN/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17549" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=ntbugtraq\u0026m=109708374115061\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/12672" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/11309" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": 
"http://www.service.real.com/help/faq/security/040928_player/EN/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17549" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-01-25 19:30
Modified
2024-11-21 01:09
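Severity
HIGH: CVSS v2.0 base score 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C), taken from the NVD primary metrics in the record below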
Summary
Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request.
References
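Impacted products
Note: the microsoft windows and apple mac_os_x rows are platform conditions, not vulnerable products. The record below marks them "vulnerable": false and joins each to the RealPlayer entries of its node with an AND operator. Rows that repeat a product and version (realplayer 10.0, 11.0, 11.0.1) come from separate configuration nodes; the entries in the last node carry a linux qualifier in their CPE string that the table omits.
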
Vendor | Product | Version | |
---|---|---|---|
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 10.5 | |
realnetworks | realplayer | 11.0 | |
realnetworks | realplayer | 11.0.1 | |
realnetworks | realplayer | 11.0.2 | |
realnetworks | realplayer | 11.0.3 | |
realnetworks | realplayer | 11.0.4 | |
realnetworks | realplayer | 11.0.5 | |
realnetworks | realplayer_enterprise | * | |
realnetworks | realplayer_sp | 1.0.0 | |
realnetworks | realplayer_sp | 1.0.1 | |
microsoft | windows | * | |
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 10.1 | |
realnetworks | realplayer | 11.0 | |
realnetworks | realplayer | 11.0.1 | |
apple | mac_os_x | * | |
realnetworks | helix_player | 10.0 | |
realnetworks | helix_player | 11.0.0 | |
realnetworks | helix_player | 11.0.1 | |
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 11.0.0 | |
realnetworks | realplayer | 11.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "11B7CB5F-ACFA-439B-A9B7-54DA402A6029", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B2A681B8-62F1-4B23-9E0B-39C61BE72F44", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F826B276-91E6-495E-B429-51B1C5ECB146", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0A732E6C-108F-447F-98B1-EA774A0537EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "F948D474-2380-482C-8A63-88984AC2A86B", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8BFD9C4F-E93B-4BCE-A5E2-A20945EB8534", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5BBEBAA2-4892-4F9E-8C0E-94CA90DCD28D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { 
"nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "F1D2A323-5614-4569-AFE5-49CB99ACA279", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:helix_player:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "74F2CA71-BD09-451C-931C-433024B6BF87", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:helix_player:11.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FD002505-9F93-4243-BCF9-89421FDB7C0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:helix_player:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "94D7BB02-13EA-4F39-B751-DDF9AB50F868", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:linux:*:*:*:*:*", "matchCriteriaId": "63F83DBE-F01B-4D6B-9CC4-D5170C2C1D44", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.0:*:linux:*:*:*:*:*", "matchCriteriaId": "C9C8FE03-BB75-4F67-ADE4-891B6B956018", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:linux:*:*:*:*:*", "matchCriteriaId": "A1577DE0-6C52-4BE6-8E5F-D90B2DAE8BD2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the 
RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request." }, { "lang": "es", "value": "Un desbordamiento de b\u00fafer en la funci\u00f3n RTSPProtocol::HandleSetParameterRequest en el archivo client/core/rtspprotocol.cpp en RealPlayer versi\u00f3n 10, RealPlayer versiones 10,5 6.0.12.1040 hasta 6.0.12.1741, RealPlayer versiones 11 11.0.0 hasta 11.0.4, RealPlayer Enterprise, Mac RealPlayer versiones 10 y 10.1, Linux RealPlayer versi\u00f3n 10, y Helix Player versiones 10.x, de RealNetworks, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo de la aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario por medio de una petici\u00f3n RTSP SET_PARAMETER especialmente dise\u00f1ada." 
} ], "evaluatorComment": "Specific affected release information can be found from RealNetworks at: \r\n\r\nhttp://service.real.com/realplayer/security/01192010_player/en/", "id": "CVE-2009-4248", "lastModified": "2024-11-21T01:09:14.763", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-01-25T19:30:01.543", "references": [ { "source": "cve@mitre.org", "url": "http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003756.html" }, { "source": "cve@mitre.org", "url": "http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003759.html" }, { "source": "cve@mitre.org", "url": "http://lists.helixcommunity.org/pipermail/client-dev/2008-January/004591.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38218" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/38450" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1023489" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37880" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "source": 
"cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561361" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55801" }, { "source": "cve@mitre.org", "url": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.55.2.19" }, { "source": "cve@mitre.org", "url": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.86" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10641" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003756.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003759.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.helixcommunity.org/pipermail/client-dev/2008-January/004591.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38218" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/38450" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1023489" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37880" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=561361" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55801" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.55.2.19" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.86" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10641" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-02-18 23:30
Modified
2024-11-21 01:12
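Severity: HIGH (CVSS v2 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P; NVD primary metric in the record below)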
Summary
Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
realnetworks | helix_player | 1.0.6 | |
realnetworks | realplayer | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:helix_player:1.0.6:*:linux:*:*:*:*:*", "matchCriteriaId": "02C37959-EB6F-42A4-92AA-17A5251EB652", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:*:*:linux:*:*:*:*:*", "matchCriteriaId": "30440AA2-F06F-425E-98D9-F8AA30AD1B7F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en la funci\u00f3n Unescape en common/util/hxurl.cpp y player/hxclientkit/src/CHXClientSink.cpp en Helix Player v1.0.6 y RealPlayer, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente la ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un argumento URL que contiene caracteres de % (porcentaje) que no est\u00e1n seguidos por dos d\u00edgitos hexadecimales." 
} ], "id": "CVE-2010-0416", "lastModified": "2024-11-21T01:12:10.543", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-02-18T23:30:00.537", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://lists.helixcommunity.org/pipermail/common-cvs/2007-July/014956.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/38450" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561856" }, { "source": "secalert@redhat.com", "url": "https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10847" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://lists.helixcommunity.org/pipermail/common-cvs/2007-July/014956.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/38450" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561856" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10847" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:55
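Severity: MEDIUM (CVSS v2 base score 5.1, vector AV:N/AC:H/Au:N/C:P/I:P/A:P; NVD primary metric in the record below, which marks user interaction as required)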
Summary
Heap-based buffer overflow in RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1, allows remote attackers to execute arbitrary code via .WAV files.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
realnetworks | helix_player | * | |
realnetworks | realone_player | 1.0 | |
realnetworks | realone_player | 2.0 | |
realnetworks | realplayer | * | |
realnetworks | realplayer | 8.0 | |
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 10.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:helix_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B288E1C-4511-482A-B39D-E6BB9585AF18", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "7E940DAB-0CD5-4EC0-916F-6C0B2AE26D19", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:*:*:enterprise:*:*:*:*:*", "matchCriteriaId": "19BC5A59-BCBD-4859-8329-B4974D43DB90", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4E6051B4-1B15-44C0-B2CD-5504E68C60F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1, allows remote attackers to execute arbitrary code via .WAV files." 
} ], "id": "CVE-2005-0611", "lastModified": "2024-11-20T23:55:31.050", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq\u0026m=110979465912834\u0026w=2" }, { "source": "secalert@redhat.com", "url": "http://marc.info/?l=vulnwatch\u0026m=110977858619314\u0026w=2" }, { "source": "secalert@redhat.com", "url": "http://service.real.com/help/faq/security/050224_player/EN/" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2005-265.html" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2005-271.html" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11419" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110979465912834\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=vulnwatch\u0026m=110977858619314\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://service.real.com/help/faq/security/050224_player/EN/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-265.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-271.html" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11419" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-02-18 23:30
Modified
2024-11-21 01:12
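Severity: MEDIUM (CVSS v2 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P; NVD primary metric in the record below). The vector rates availability impact only, although the summary also lists possible arbitrary code execution, so the score should be read as a lower bound when prioritising.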
Summary
Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a RuleBook structure with a large number of rule-separator characters that trigger heap memory corruption.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
realnetworks | helix_player | 1.0.6 | |
realnetworks | realplayer | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:helix_player:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "D391052A-4982-4E68-A6F9-603580E2DB9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:*:*:*:*:*:*:*:*", "matchCriteriaId": "CCA29F41-A723-435D-AA35-EE03280B58C8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a RuleBook structure with a large number of rule-separator characters that trigger heap memory corruption." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en common/util/rlstate.cpp en Helix Player v1.0.6 y RealPlayer, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente la ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una estructura RuleBook con un elevado n\u00famero de caracteres de rule-separator (Separador de reglas) que provocan una corrupci\u00f3n de memoria din\u00e1mica (heap)." 
} ], "id": "CVE-2010-0417", "lastModified": "2024-11-21T01:12:10.640", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-02-18T23:30:00.583", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.helixcommunity.org/pipermail/common-cvs/2008-January/015484.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/38450" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561860" }, { "source": "secalert@redhat.com", "url": "https://helixcommunity.org/viewcvs/common/util/rlstate.cpp?view=log#rev1.10" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11364" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.helixcommunity.org/pipermail/common-cvs/2008-January/015484.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/38450" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561860" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://helixcommunity.org/viewcvs/common/util/rlstate.cpp?view=log#rev1.10" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11364" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-01-25 19:30
Modified
2024-11-21 01:09
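Severity: HIGH (CVSS v2 base score 9.3, vector AV:N/AC:M/Au:N/C:C/I:C/A:C; NVD primary metric in the record below, which marks user interaction as required)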
Summary
Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleBook structures that trigger heap memory corruption.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 10.5 | |
realnetworks | realplayer | 11.0 | |
realnetworks | realplayer | 11.0.1 | |
realnetworks | realplayer | 11.0.2 | |
realnetworks | realplayer | 11.0.3 | |
realnetworks | realplayer | 11.0.4 | |
realnetworks | realplayer | 11.0.5 | |
realnetworks | realplayer_enterprise | * | |
realnetworks | realplayer_sp | 1.0.0 | |
realnetworks | realplayer_sp | 1.0.1 | |
microsoft | windows | * | |
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 10.1 | |
realnetworks | realplayer | 11.0 | |
realnetworks | realplayer | 11.0.1 | |
apple | mac_os_x | * | |
realnetworks | helix_player | 10.0 | |
realnetworks | helix_player | 11.0.0 | |
realnetworks | helix_player | 11.0.1 | |
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 11.0.0 | |
realnetworks | realplayer | 11.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "11B7CB5F-ACFA-439B-A9B7-54DA402A6029", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B2A681B8-62F1-4B23-9E0B-39C61BE72F44", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F826B276-91E6-495E-B429-51B1C5ECB146", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0A732E6C-108F-447F-98B1-EA774A0537EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "F948D474-2380-482C-8A63-88984AC2A86B", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8BFD9C4F-E93B-4BCE-A5E2-A20945EB8534", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5BBEBAA2-4892-4F9E-8C0E-94CA90DCD28D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { 
"nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "F1D2A323-5614-4569-AFE5-49CB99ACA279", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:helix_player:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "74F2CA71-BD09-451C-931C-433024B6BF87", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:helix_player:11.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FD002505-9F93-4243-BCF9-89421FDB7C0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:helix_player:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "94D7BB02-13EA-4F39-B751-DDF9AB50F868", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:linux:*:*:*:*:*", "matchCriteriaId": "63F83DBE-F01B-4D6B-9CC4-D5170C2C1D44", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.0:*:linux:*:*:*:*:*", "matchCriteriaId": "C9C8FE03-BB75-4F67-ADE4-891B6B956018", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:linux:*:*:*:*:*", "matchCriteriaId": "A1577DE0-6C52-4BE6-8E5F-D90B2DAE8BD2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in RealNetworks 
RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleBook structures that trigger heap memory corruption." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en RealNetworks RealPlayer 10, RealPlayer v10.5 6.0.12.1040 hasta v6.0.12.1741, RealPlayer 11 v11.0.0 hasta v11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 y v10.1, Linux RealPlayer 10, y Helix Player v10.x,permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero con una estructura ASMRuleBook que provoca una error de memoria din\u00e1mica." } ], "evaluatorComment": "Specific affected release information can be found from RealNetworks at:\r\n\r\nhttp://service.real.com/realplayer/security/01192010_player/en/", "id": "CVE-2009-4241", "lastModified": "2024-11-21T01:09:13.803", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-01-25T19:30:00.980", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38218" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1023489" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"http://service.real.com/realplayer/security/01192010_player/en/" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/509100/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37880" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-005/" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55794" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38218" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1023489" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/509100/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37880" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-005/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55794" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-09-27 20:03
Modified
2024-11-21 00:00
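Severity: MEDIUM (CVSS v2 base score 5.1, vector AV:N/AC:H/Au:N/C:P/I:P/A:P; NVD primary metric in the record below, which marks user interaction as required)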
Summary
Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the (1) image handle or (2) timeformat attribute in a RealPix (.rp) or RealText (.rt) file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
realnetworks | helix_player | * | |
realnetworks | realplayer | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:helix_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B288E1C-4511-482A-B39D-E6BB9585AF18", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the (1) image handle or (2) timeformat attribute in a RealPix (.rp) or RealText (.rt) file." } ], "id": "CVE-2005-2710", "lastModified": "2024-11-21T00:00:12.430", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2005-09-27T20:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168078" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=112785544325326\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=full-disclosure\u0026m=112775929608219\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/16954" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/16961" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/16981" }, { "source": "cve@mitre.org", "url": 
"http://secunia.com/advisories/17116" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/17127" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/27" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/41" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.debian.org/security/2005/dsa-826" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-07.xml" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.idefense.com/application/poi/display?id=311\u0026type=vulnerabilities" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/361181" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2005_59_RealPlayer.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.open-security.org/advisories/13" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-762.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-788.html" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168078" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=112785544325326\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=full-disclosure\u0026m=112775929608219\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/16954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/16961" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/16981" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17116" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17127" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/27" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/41" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.debian.org/security/2005/dsa-826" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.idefense.com/application/poi/display?id=311\u0026type=vulnerabilities" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/361181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2005_59_RealPlayer.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.open-security.org/advisories/13" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-762.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-788.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11015" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": 
"Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-01-25 19:30
Modified
2024-11-21 01:09
Severity ?
Summary
RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allow remote attackers to have an unspecified impact via a crafted media file that uses HTTP chunked transfer coding, related to an "overflow."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 10.5 | |
realnetworks | realplayer | 11.0 | |
realnetworks | realplayer | 11.0.1 | |
realnetworks | realplayer | 11.0.2 | |
realnetworks | realplayer | 11.0.3 | |
realnetworks | realplayer | 11.0.4 | |
realnetworks | realplayer | 11.0.5 | |
realnetworks | realplayer_enterprise | * | |
realnetworks | realplayer_sp | 1.0.0 | |
realnetworks | realplayer_sp | 1.0.1 | |
microsoft | windows | * | |
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 10.1 | |
realnetworks | realplayer | 11.0 | |
realnetworks | realplayer | 11.0.1 | |
apple | mac_os_x | * | |
realnetworks | helix_player | 10.0 | |
realnetworks | helix_player | 11.0.0 | |
realnetworks | helix_player | 11.0.1 | |
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 11.0.0 | |
realnetworks | realplayer | 11.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "11B7CB5F-ACFA-439B-A9B7-54DA402A6029", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B2A681B8-62F1-4B23-9E0B-39C61BE72F44", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F826B276-91E6-495E-B429-51B1C5ECB146", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0A732E6C-108F-447F-98B1-EA774A0537EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "F948D474-2380-482C-8A63-88984AC2A86B", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8BFD9C4F-E93B-4BCE-A5E2-A20945EB8534", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5BBEBAA2-4892-4F9E-8C0E-94CA90DCD28D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { 
"nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "F1D2A323-5614-4569-AFE5-49CB99ACA279", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:helix_player:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "74F2CA71-BD09-451C-931C-433024B6BF87", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:helix_player:11.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FD002505-9F93-4243-BCF9-89421FDB7C0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:helix_player:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "94D7BB02-13EA-4F39-B751-DDF9AB50F868", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:linux:*:*:*:*:*", "matchCriteriaId": "63F83DBE-F01B-4D6B-9CC4-D5170C2C1D44", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.0:*:linux:*:*:*:*:*", "matchCriteriaId": "C9C8FE03-BB75-4F67-ADE4-891B6B956018", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:linux:*:*:*:*:*", "matchCriteriaId": "A1577DE0-6C52-4BE6-8E5F-D90B2DAE8BD2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "RealNetworks RealPlayer 10, RealPlayer 10.5 
6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allow remote attackers to have an unspecified impact via a crafted media file that uses HTTP chunked transfer coding, related to an \"overflow.\"" }, { "lang": "es", "value": "RealNetworks RealPlayer 10, RealPlayer v10.5 6.0.12.1040 hasta v6.0.12.1741, RealPlayer 11 v11.0.0 hasta v11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 y v10.1, Linux RealPlayer 10, y Helix Player v10.x, permite a atacantes remotos tener un impacto no especificado a trav\u00e9s de un fichero de contenido multimedia que utilice codificaci\u00f3n de transferencia fragmentada, relacionado con un desbordamiento." } ], "evaluatorComment": "Specific affected release information can be found from RealNetworks at: \r\n\r\nhttp://service.real.com/realplayer/security/01192010_player/en/", "id": "CVE-2009-4243", "lastModified": "2024-11-21T01:09:14.080", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-01-25T19:30:01.370", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/61967" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38218" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1023489" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"http://service.real.com/realplayer/security/01192010_player/en/" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37880" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55796" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/61967" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38218" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1023489" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37880" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55796" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2009-4246)
Published
2010-01-25 19:30
Modified
2024-11-21 01:09
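Severity: HIGH (CVSS v2.0 base score 9.3, vector AV:N/AC:M/Au:N/C:C/I:C/A:C; NVD primary assessment, user interaction required)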
Summary
Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows user-assisted remote attackers to execute arbitrary code via a malformed .RJS skin file that contains a web.xmb file with crafted length values.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 10.5 | |
realnetworks | realplayer | 11.0 | |
realnetworks | realplayer | 11.0.1 | |
realnetworks | realplayer | 11.0.2 | |
realnetworks | realplayer | 11.0.3 | |
realnetworks | realplayer | 11.0.4 | |
realnetworks | realplayer | 11.0.5 | |
realnetworks | realplayer_enterprise | * | |
realnetworks | realplayer_sp | 1.0.0 | |
realnetworks | realplayer_sp | 1.0.1 | |
microsoft | windows | * | |
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 10.1 | |
realnetworks | realplayer | 11.0 | |
realnetworks | realplayer | 11.0.1 | |
apple | mac_os_x | * | |
realnetworks | helix_player | 10.0 | |
realnetworks | helix_player | 11.0.0 | |
realnetworks | helix_player | 11.0.1 | |
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 11.0.0 | |
realnetworks | realplayer | 11.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "11B7CB5F-ACFA-439B-A9B7-54DA402A6029", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B2A681B8-62F1-4B23-9E0B-39C61BE72F44", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F826B276-91E6-495E-B429-51B1C5ECB146", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0A732E6C-108F-447F-98B1-EA774A0537EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "F948D474-2380-482C-8A63-88984AC2A86B", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8BFD9C4F-E93B-4BCE-A5E2-A20945EB8534", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5BBEBAA2-4892-4F9E-8C0E-94CA90DCD28D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { 
"nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "F1D2A323-5614-4569-AFE5-49CB99ACA279", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:helix_player:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "74F2CA71-BD09-451C-931C-433024B6BF87", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:helix_player:11.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FD002505-9F93-4243-BCF9-89421FDB7C0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:helix_player:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "94D7BB02-13EA-4F39-B751-DDF9AB50F868", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:linux:*:*:*:*:*", "matchCriteriaId": "63F83DBE-F01B-4D6B-9CC4-D5170C2C1D44", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.0:*:linux:*:*:*:*:*", "matchCriteriaId": "C9C8FE03-BB75-4F67-ADE4-891B6B956018", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:linux:*:*:*:*:*", "matchCriteriaId": "A1577DE0-6C52-4BE6-8E5F-D90B2DAE8BD2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in RealNetworks 
RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows user-assisted remote attackers to execute arbitrary code via a malformed .RJS skin file that contains a web.xmb file with crafted length values." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en RealNetworks RealPlayer 10, RealPlayer v10.5 6.0.12.1040 hasta v6.0.12.1741, RealPlayer 11 v11.0.0 hasta 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 y v10.1, Linux RealPlayer 10, y Helix Player v10.x, permite a atacantes remotos asistidos por usuarios locales ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero \"skin\" .RJS que contiene un fichero web.xmb con las longitudes de cadena manipuladas." } ], "evaluatorComment": "Specific affected release information can be found from RealNetworks at: \r\n\r\nhttp://service.real.com/realplayer/security/01192010_player/en/", "id": "CVE-2009-4246", "lastModified": "2024-11-21T01:09:14.493", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-01-25T19:30:01.463", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38218" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1023489" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor 
Advisory" ], "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/509104/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37880" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-010/" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55799" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38218" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1023489" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/509104/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37880" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-010/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55799" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2007-3410)
Published
2007-06-26 22:30
Modified
2024-11-21 00:33
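Severity: HIGH (CVSS v2.0 base score 9.3, vector AV:N/AC:M/Au:N/C:C/I:C/A:C; NVD primary assessment, user interaction required)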
Summary
Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
realnetworks | helix_player | 10.0.5 | |
realnetworks | helix_player | 10.0.6 | |
realnetworks | helix_player | 10.0.7 | |
realnetworks | helix_player | 10.0.8 | |
realnetworks | helix_player | 10.5-gold | |
realnetworks | realone_player | * | |
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 10.1 | |
realnetworks | realplayer | 10.5 | |
realnetworks | realplayer_enterprise | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:helix_player:10.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "09EF251C-E054-4A0F-A1F3-8BCC659F2DD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:helix_player:10.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "AE47C9FE-D304-427E-8E14-583EAB321DB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:helix_player:10.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "5C42DE15-367D-40AC-BD63-CCC281524194", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:helix_player:10.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "60E2870B-AEB9-4D65-9D04-971434530D16", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:helix_player:10.5-gold:*:*:*:*:*:*:*", "matchCriteriaId": "EE62D59F-014C-4730-9C2A-75E9AD42975E", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realone_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5695A49-561F-434E-92AE-AEF13162BD78", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "F1D2A323-5614-4569-AFE5-49CB99ACA279", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "F948D474-2380-482C-8A63-88984AC2A86B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to execute arbitrary code via an 
SMIL (SMIL2) file with a long wallclock value." }, { "lang": "es", "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funci\u00f3n SmilTimeValue::parseWallClockValue en el archivo smlprstime.cpp en RealNetworks RealPlayer versiones 10, 10.1 y posiblemente 10.5, RealOne Player, RealPlayer Enterprise y Helix Player versi\u00f3n 10.5-GOLD y versiones 10.0.5 hasta 10.0.8, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo SMIL (SMIL2) con un valor wallclock largo." } ], "id": "CVE-2007-3410", "lastModified": "2024-11-21T00:33:10.220", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-06-26T22:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/37374" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/38342" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/25819" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/25859" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26463" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26828" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/27361" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200709-05.xml" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1018297" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1018299" }, { "source": "cve@mitre.org", "url": "http://service.real.com/realplayer/security/10252007_player/en/" }, { "source": "cve@mitre.org", "url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/770904" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2007-0605.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2007-0841.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24658" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2339" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3628" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35088" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10554" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/38342" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/25819" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/25859" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/26463" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26828" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27361" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200709-05.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1018297" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1018299" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://service.real.com/realplayer/security/10252007_player/en/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/770904" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0605.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0841.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/24658" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2339" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3628" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35088" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10554" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": 
"CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2009-4244)
Published
2010-01-25 19:30
Modified
2024-11-21 01:09
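Severity: HIGH (CVSS v2.0 base score 9.3, vector AV:N/AC:M/Au:N/C:C/I:C/A:C; NVD primary assessment, user interaction required)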
Summary
Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via an SIPR codec field with a small length value that triggers incorrect memory allocation.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 10.5 | |
realnetworks | realplayer | 11.0 | |
realnetworks | realplayer | 11.0.1 | |
realnetworks | realplayer | 11.0.2 | |
realnetworks | realplayer | 11.0.3 | |
realnetworks | realplayer | 11.0.4 | |
realnetworks | realplayer | 11.0.5 | |
realnetworks | realplayer_enterprise | * | |
realnetworks | realplayer_sp | 1.0.0 | |
realnetworks | realplayer_sp | 1.0.1 | |
microsoft | windows | * | |
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 10.1 | |
realnetworks | realplayer | 11.0 | |
realnetworks | realplayer | 11.0.1 | |
apple | mac_os_x | * | |
realnetworks | helix_player | 10.0 | |
realnetworks | helix_player | 11.0.0 | |
realnetworks | helix_player | 11.0.1 | |
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 11.0.0 | |
realnetworks | realplayer | 11.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "11B7CB5F-ACFA-439B-A9B7-54DA402A6029", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B2A681B8-62F1-4B23-9E0B-39C61BE72F44", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F826B276-91E6-495E-B429-51B1C5ECB146", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0A732E6C-108F-447F-98B1-EA774A0537EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "F948D474-2380-482C-8A63-88984AC2A86B", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8BFD9C4F-E93B-4BCE-A5E2-A20945EB8534", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5BBEBAA2-4892-4F9E-8C0E-94CA90DCD28D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { 
"nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "F1D2A323-5614-4569-AFE5-49CB99ACA279", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:helix_player:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "74F2CA71-BD09-451C-931C-433024B6BF87", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:helix_player:11.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FD002505-9F93-4243-BCF9-89421FDB7C0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:helix_player:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "94D7BB02-13EA-4F39-B751-DDF9AB50F868", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:linux:*:*:*:*:*", "matchCriteriaId": "63F83DBE-F01B-4D6B-9CC4-D5170C2C1D44", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.0:*:linux:*:*:*:*:*", "matchCriteriaId": "C9C8FE03-BB75-4F67-ADE4-891B6B956018", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:linux:*:*:*:*:*", "matchCriteriaId": "A1577DE0-6C52-4BE6-8E5F-D90B2DAE8BD2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in RealNetworks 
RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via an SIPR codec field with a small length value that triggers incorrect memory allocation." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en RealNetworks RealPlayer 10, RealPlayer v10.5 6.0.12.1040 hasta v6.0.12.1741, RealPlayer 11 v11.0.0 hasta v11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 y v10.1, Linux RealPlayer 10, y Helix Player v10.x, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s del campo de codec SIPR con un valor de longitud peque\u00f1o que provoca una localizaci\u00f3n de memoria incorrecta." } ], "evaluatorComment": "Specific affected release information can be found from RealNetworks at: \r\n\r\nhttp://service.real.com/realplayer/security/01192010_player/en/", "id": "CVE-2009-4244", "lastModified": "2024-11-21T01:09:14.213", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-01-25T19:30:01.400", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38218" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1023489" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor 
Advisory" ], "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/509098/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37880" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-008/" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55797" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38218" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1023489" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/509098/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37880" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-008/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55797" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-01-25 19:30
Modified
2024-11-21 01:09
Summary
Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.x; RealPlayer SP 1.0.0 and 1.0.1; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, 11.0, and 11.0.1; Linux RealPlayer 10, 11.0.0, and 11.0.1; and Helix Player 10.x, 11.0.0, and 11.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an ASM RuleBook with a large number of rules, related to an "array overflow."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 10.5 | |
realnetworks | realplayer | 11.0 | |
realnetworks | realplayer | 11.0.1 | |
realnetworks | realplayer | 11.0.2 | |
realnetworks | realplayer | 11.0.3 | |
realnetworks | realplayer | 11.0.4 | |
realnetworks | realplayer | 11.0.5 | |
realnetworks | realplayer_enterprise | * | |
realnetworks | realplayer_sp | 1.0.0 | |
realnetworks | realplayer_sp | 1.0.1 | |
microsoft | windows | * | |
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 10.1 | |
realnetworks | realplayer | 11.0 | |
realnetworks | realplayer | 11.0.1 | |
apple | mac_os_x | * | |
realnetworks | helix_player | 10.0 | |
realnetworks | helix_player | 11.0.0 | |
realnetworks | helix_player | 11.0.1 | |
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 11.0.0 | |
realnetworks | realplayer | 11.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "11B7CB5F-ACFA-439B-A9B7-54DA402A6029", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B2A681B8-62F1-4B23-9E0B-39C61BE72F44", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F826B276-91E6-495E-B429-51B1C5ECB146", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0A732E6C-108F-447F-98B1-EA774A0537EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "F948D474-2380-482C-8A63-88984AC2A86B", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8BFD9C4F-E93B-4BCE-A5E2-A20945EB8534", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5BBEBAA2-4892-4F9E-8C0E-94CA90DCD28D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { 
"nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "F1D2A323-5614-4569-AFE5-49CB99ACA279", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:helix_player:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "74F2CA71-BD09-451C-931C-433024B6BF87", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:helix_player:11.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FD002505-9F93-4243-BCF9-89421FDB7C0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:helix_player:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "94D7BB02-13EA-4F39-B751-DDF9AB50F868", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:linux:*:*:*:*:*", "matchCriteriaId": "63F83DBE-F01B-4D6B-9CC4-D5170C2C1D44", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.0:*:linux:*:*:*:*:*", "matchCriteriaId": "C9C8FE03-BB75-4F67-ADE4-891B6B956018", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:linux:*:*:*:*:*", "matchCriteriaId": "A1577DE0-6C52-4BE6-8E5F-D90B2DAE8BD2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in 
protocol/rtsp/rtspclnt.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.x; RealPlayer SP 1.0.0 and 1.0.1; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, 11.0, and 11.0.1; Linux RealPlayer 10, 11.0.0, and 11.0.1; and Helix Player 10.x, 11.0.0, and 11.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an ASM RuleBook with a large number of rules, related to an \"array overflow.\"" }, { "lang": "es", "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el archivo protocol/rtsp/rtspclnt.cpp en RealPlayer versi\u00f3n 10; RealPlayer versiones 10.5 6.0.12.1040 hasta 6.0.12.1741; RealPlayer versiones 11 11.0.x; RealPlayer SP versiones 1.0.0 y 1.0.1; RealPlayer Enterprise; Mac RealPlayer versiones 10, 10.1, 11.0 y 11.0.1; Linux RealPlayer versiones 10, 11.0.0 y 11.0.1; y Helix Player versiones 10.x, 11.0.0 y 11.0.1 de RealNetworks, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario por medio de un Reglamento ASM con un gran n\u00famero de reglas, relacionadas con un \"array overflow\"" } ], "evaluatorComment": "Specific affected release information can be found from RealNetworks at: \r\n\r\nhttp://service.real.com/realplayer/security/01192010_player/en/", "id": "CVE-2009-4247", "lastModified": "2024-11-21T01:09:14.620", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": 
"nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-01-25T19:30:01.510", "references": [ { "source": "cve@mitre.org", "url": "http://lists.helixcommunity.org/pipermail/helix-client-dev/2009-August/008092.html" }, { "source": "cve@mitre.org", "url": "http://lists.helixcommunity.org/pipermail/protocol-cvs/2009-August/001943.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38218" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38450" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1023489" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37880" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561338" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55802" }, { "source": "cve@mitre.org", "url": "https://helixcommunity.org/viewcvs/protocol/rtsp/rtspclnt.cpp?view=log#rev1.245" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10677" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.helixcommunity.org/pipermail/helix-client-dev/2009-August/008092.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.helixcommunity.org/pipermail/protocol-cvs/2009-August/001943.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/38218" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38450" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1023489" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37880" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561338" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55802" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://helixcommunity.org/viewcvs/protocol/rtsp/rtspclnt.cpp?view=log#rev1.245" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10677" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-01-25 19:30
Modified
2024-11-21 01:09
Summary
Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 10.5 | |
realnetworks | realplayer | 11.0 | |
realnetworks | realplayer | 11.0.1 | |
realnetworks | realplayer | 11.0.2 | |
realnetworks | realplayer | 11.0.3 | |
realnetworks | realplayer | 11.0.4 | |
realnetworks | realplayer | 11.0.5 | |
realnetworks | realplayer_enterprise | * | |
realnetworks | realplayer_sp | 1.0.0 | |
realnetworks | realplayer_sp | 1.0.1 | |
microsoft | windows | * | |
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 10.1 | |
realnetworks | realplayer | 11.0 | |
realnetworks | realplayer | 11.0.1 | |
apple | mac_os_x | * | |
realnetworks | helix_player | 10.0 | |
realnetworks | helix_player | 11.0.0 | |
realnetworks | helix_player | 11.0.1 | |
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 11.0.0 | |
realnetworks | realplayer | 11.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "11B7CB5F-ACFA-439B-A9B7-54DA402A6029", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B2A681B8-62F1-4B23-9E0B-39C61BE72F44", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F826B276-91E6-495E-B429-51B1C5ECB146", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0A732E6C-108F-447F-98B1-EA774A0537EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "F948D474-2380-482C-8A63-88984AC2A86B", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8BFD9C4F-E93B-4BCE-A5E2-A20945EB8534", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5BBEBAA2-4892-4F9E-8C0E-94CA90DCD28D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { 
"nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "F1D2A323-5614-4569-AFE5-49CB99ACA279", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:helix_player:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "74F2CA71-BD09-451C-931C-433024B6BF87", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:helix_player:11.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FD002505-9F93-4243-BCF9-89421FDB7C0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:helix_player:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "94D7BB02-13EA-4F39-B751-DDF9AB50F868", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:linux:*:*:*:*:*", "matchCriteriaId": "63F83DBE-F01B-4D6B-9CC4-D5170C2C1D44", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.0:*:linux:*:*:*:*:*", "matchCriteriaId": "C9C8FE03-BB75-4F67-ADE4-891B6B956018", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:linux:*:*:*:*:*", "matchCriteriaId": "A1577DE0-6C52-4BE6-8E5F-D90B2DAE8BD2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in 
datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths." }, { "lang": "es", "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en el archivo datatype/smil/common/smlpkt.cpp en la biblioteca smlrender.dll en RealPlayer versi\u00f3n 10, RealPlayer versiones 10.5 6.0.12.1040 hasta 6.0.12.1741, RealPlayer versiones 11 11.0.0 hasta 11.0.4, RealPlayer Enterprise, Mac RealPlayer versiones 10 y 10.1, Linux RealPlayer versiones 10 y 11.0.0 y Helix Player versiones 10.x y 11.0.0, de RealNetworks, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo SMIL con longitudes de cadena especialmente dise\u00f1adas." } ], "evaluatorComment": "Specific affected release information can be found from RealNetworks at: \r\n\r\nhttp://service.real.com/realplayer/security/01192010_player/en/", "id": "CVE-2009-4257", "lastModified": "2024-11-21T01:09:15.950", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-01-25T19:30:01.573", "references": [ { "source": "cve@mitre.org", "url": "http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-September/008678.html" }, { 
"source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38218" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38450" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1023489" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/509105/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37880" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-007/" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561309" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55798" }, { "source": "cve@mitre.org", "url": "https://helixcommunity.org/viewcvs/datatype/smil/common/smlpkt.cpp?view=log#rev1.12" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11110" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-September/008678.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38218" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38450" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1023489" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/509105/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37880" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561309" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55798" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://helixcommunity.org/viewcvs/datatype/smil/common/smlpkt.cpp?view=log#rev1.12" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11110" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-11-18 23:03
Modified
2024-11-21 00:00
Summary
Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player 1 and 2, and Helix Player 10.0.0 allows remote attackers to execute arbitrary code via an .rm movie file with a large value in the length field of the first data packet, which leads to a stack-based buffer overflow, a different vulnerability than CVE-2004-1481.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
realnetworks | helix_player | 1.0 | |
realnetworks | helix_player | 1.0.1 | |
realnetworks | helix_player | 1.0.2 | |
realnetworks | helix_player | 1.0.3 | |
realnetworks | helix_player | 1.0.4 | |
realnetworks | helix_player | 1.0.5 | |
realnetworks | realone_player | 1.0 | |
realnetworks | realone_player | 2.0 | |
realnetworks | realplayer | * | |
realnetworks | realplayer | 8.0 | |
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 10.5 | |
realnetworks | realplayer | 10.5_6.0.12.1040 | |
realnetworks | realplayer | 10.5_6.0.12.1053 | |
realnetworks | realplayer | 10.5_6.0.12.1056 | |
realnetworks | realplayer | 10.5_6.0.12.1059 | |
realnetworks | realplayer | 10.5_6.0.12.1069 | |
realnetworks | realplayer | 10.5_6.0.12.1235 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:helix_player:1.0:*:linux:*:*:*:*:*", "matchCriteriaId": "E290CDC0-738D-447C-BD21-95D6843BB480", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:helix_player:1.0.1:*:linux:*:*:*:*:*", "matchCriteriaId": "91EF8E27-2DEC-4F46-9FEF-9FDE4327783D", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:helix_player:1.0.2:*:linux:*:*:*:*:*", "matchCriteriaId": "988391F6-F8D4-43A0-A423-DC93CD5ED301", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:helix_player:1.0.3:*:linux:*:*:*:*:*", "matchCriteriaId": "108C2C6B-B626-44CF-AFBB-F4F867A4E91A", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:helix_player:1.0.4:*:linux:*:*:*:*:*", "matchCriteriaId": "315A22F8-692F-4D51-ABE2-A564A7111521", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:helix_player:1.0.5:*:linux:*:*:*:*:*", "matchCriteriaId": "51D19434-B812-48FA-829E-A91910BA8941", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "7E940DAB-0CD5-4EC0-916F-6C0B2AE26D19", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:*:*:enterprise:*:*:*:*:*", "matchCriteriaId": "19BC5A59-BCBD-4859-8329-B4974D43DB90", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:win32:*:*:*:*:*", "matchCriteriaId": "003D7E29-9970-4984-9756-C070E15B7979", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:linux:*:*:*:*:*", "matchCriteriaId": "63F83DBE-F01B-4D6B-9CC4-D5170C2C1D44", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:mac_os_x:*:*:*:*:*", 
"matchCriteriaId": "EB23A853-3AD4-4EB9-B178-12B5E6E93BBF", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*", "matchCriteriaId": "91278EFD-0285-4389-9C53-50FE225C3C19", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1053:*:*:*:*:*:*:*", "matchCriteriaId": "336246FA-A06F-4792-9923-E6948F3494FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1056:*:*:*:*:*:*:*", "matchCriteriaId": "06C7BF07-8B9A-4BDF-BEA9-C55ABDEA8165", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1059:*:*:*:*:*:*:*", "matchCriteriaId": "CEC15988-96A0-4EBE-BF99-14D46F5A9553", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1069:*:*:*:*:*:*:*", "matchCriteriaId": "41F65BDA-393F-4274-B193-B578255DB013", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1235:*:*:*:*:*:*:*", "matchCriteriaId": "8D4CADDC-84D2-45D9-99BA-A662D7490154", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player 1 and 2, and Helix Player 10.0.0 allows remote attackers to execute arbitrary code via an .rm movie file with a large value in the length field of the first data packet, which leads to a stack-based buffer overflow, a different vulnerability than CVE-2004-1481." 
} ], "id": "CVE-2005-2629", "lastModified": "2024-11-21T00:00:00.443", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2005-11-18T23:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=113166476423021\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/17514/" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/17559" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/17860" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/169" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015184" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015185" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015186" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://service.real.com/help/faq/security/051110_player/EN/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2005/dsa-915" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.eeye.com/html/research/advisories/AD20051110a.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15381/" }, { "source": "cve@mitre.org", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/23024" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9550" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=113166476423021\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/17514/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17559" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/17860" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/169" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015184" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015185" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015186" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://service.real.com/help/faq/security/051110_player/EN/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2005/dsa-915" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.eeye.com/html/research/advisories/AD20051110a.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/15381/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23024" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9550" } ], "sourceIdentifier": "cve@mitre.org", 
"vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-04-19 04:00
Modified
2024-11-20 23:55
Severity: MEDIUM (CVSS v2 base score 5.1, AV:N/AC:H/Au:N/C:P/I:P/A:P)
Summary
Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player before 10.0.4, and RealOne Player v1 and v2 allows remote attackers to execute arbitrary code via a long hostname in a RAM file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
realnetworks | helix_player | * (up to and including 10.0.3) | |
realnetworks | realone_player | 1.0 | |
realnetworks | realone_player | 2.0 | |
realnetworks | realplayer | 8.0 | |
realnetworks | realplayer | 8.0 (mac_os_x) | |
realnetworks | realplayer | 8.0 (unix) | |
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 10.0 (de) | |
realnetworks | realplayer | 10.0 (en) | |
realnetworks | realplayer | 10.0 (ja) | |
realnetworks | realplayer | 10.0 (beta) | |
realnetworks | realplayer | 10.0_6.0.12.690 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:helix_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA5D907A-72C4-463A-B989-2D6296B3204A", "versionEndIncluding": "10.0.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "7E940DAB-0CD5-4EC0-916F-6C0B2AE26D19", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4E6051B4-1B15-44C0-B2CD-5504E68C60F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:mac_os_x:*:*", "matchCriteriaId": "50511368-4765-489B-B2ED-8214887BCB37", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:unix:*:*", "matchCriteriaId": "28E2C43D-3BF4-44FA-A6D2-275BF5FB33DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:de:*:*:*:*", "matchCriteriaId": "EF2A171E-6E39-4FCC-88CC-655D18232FCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:en:*:*:*:*", "matchCriteriaId": "4EBB6E97-C8C0-49A7-BCDA-794C4986BAA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:ja:*:*:*:*", "matchCriteriaId": "0C9031C2-95D1-46D0-965A-F4BAA76FB29F", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:beta:*:*:*:*:*:*", "matchCriteriaId": "B4B6C4B6-9031-451B-B58B-45DA88173E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0_6.0.12.690:*:*:*:*:*:*:*", "matchCriteriaId": "01513F87-049E-46A9-A573-A7AF27EB30C5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], 
"descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player before 10.0.4, and RealOne Player v1 and v2 allows remote attackers to execute arbitrary code via a long hostname in a RAM file." } ], "id": "CVE-2005-0755", "lastModified": "2024-11-20T23:55:50.003", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2005-04-19T04:00:00.000", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=111401615202987\u0026w=2" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://pb.specialised.info/all/adv/real-ram-adv.txt" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://service.real.com/help/faq/security/050419_player/EN/" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/archives/fedora-announce-list/2005-April/msg00040.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-363.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-392.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-394.html" }, { "source": "secalert@redhat.com", "tags": [ 
"Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11205" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=111401615202987\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://pb.specialised.info/all/adv/real-ram-adv.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://service.real.com/help/faq/security/050419_player/EN/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/archives/fedora-announce-list/2005-April/msg00040.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-363.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-392.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-394.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11205" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-09-17 16:17
Modified
2024-11-21 00:36
Severity: MEDIUM (CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:N/A:P)
Summary
RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player 1.0.6.778 on Fedora Core 6 (FC6) and possibly other platforms, allow user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
realnetworks | helix_player | 1.0.6 | |
realnetworks | realplayer | 10.0.8 | |
realnetworks | realplayer | 10.0.9 | |
realnetworks | realplayer | 10.1 | |
realnetworks | realplayer | 10.5-gold |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:helix_player:1.0.6:*:linux:*:*:*:*:*", "matchCriteriaId": "02C37959-EB6F-42A4-92AA-17A5251EB652", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0.8:*:linux:*:*:*:*:*", "matchCriteriaId": "3B7E4316-DD41-43FC-98FB-4F4F90A4606C", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0.9:*:linux:*:*:*:*:*", "matchCriteriaId": "9F76EDC7-9039-45F7-A6D5-952D34A0D801", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.1:*:linux:*:*:*:*:*", "matchCriteriaId": "A3F5F4F9-36E1-4A00-B6C2-8BBC720A4C68", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5-gold:*:linux:*:*:*:*:*", "matchCriteriaId": "CD5D9BEE-F0D2-4F8A-9E5F-81A0812048CC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player 1.0.6.778 on Fedora Core 6 (FC6) and possibly other platforms, allow user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error." }, { "lang": "es", "value": "RealNetworks RealPlayer 10.1.0.3114 y anteriores, y Helix Player 1.0.6.778 sobre Fedora Core 6 (FC6) y posiblemente otras plataformas, permite a atacantes remotos con la intervenci\u00f3n del usuario provocar denegaci\u00f3n de servicio (caida de aplicaci\u00f3n) a trav\u00e9s de un archivo malformado .au que dispara un error de divisi\u00f3n por cero." 
} ], "id": "CVE-2007-4904", "lastModified": "2024-11-21T00:36:41.033", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-09-17T16:17:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-09/0154.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/39904" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/479081/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/25627" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36545" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-09/0154.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/39904" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/479081/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/25627" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36545" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "We do not consider a crash of a client application such as RealPlayer or Helix Player to be a security issue.", "lastModified": 
"2007-09-18T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-01-25 19:30
Modified
2024-11-21 01:09
Severity: HIGH (CVSS v2 base score 9.3, AV:N/AC:M/Au:N/C:C/I:C/A:C)
Summary
Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 10.5 | |
realnetworks | realplayer | 11.0 | |
realnetworks | realplayer | 11.0.1 | |
realnetworks | realplayer | 11.0.2 | |
realnetworks | realplayer | 11.0.3 | |
realnetworks | realplayer | 11.0.4 | |
realnetworks | realplayer | 11.0.5 | |
realnetworks | realplayer_enterprise | * | |
realnetworks | realplayer_sp | 1.0.0 | |
realnetworks | realplayer_sp | 1.0.1 | |
microsoft | windows | * | |
realnetworks | realplayer | 10.0 | |
realnetworks | realplayer | 10.1 | |
realnetworks | realplayer | 11.0 | |
realnetworks | realplayer | 11.0.1 | |
apple | mac_os_x | * | |
realnetworks | helix_player | 10.0 | |
realnetworks | helix_player | 11.0.0 | |
realnetworks | helix_player | 11.0.1 | |
realnetworks | realplayer | 10.0 (linux) | |
realnetworks | realplayer | 11.0.0 (linux) | |
realnetworks | realplayer | 11.0.1 (linux) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "11B7CB5F-ACFA-439B-A9B7-54DA402A6029", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B2A681B8-62F1-4B23-9E0B-39C61BE72F44", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F826B276-91E6-495E-B429-51B1C5ECB146", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0A732E6C-108F-447F-98B1-EA774A0537EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "F948D474-2380-482C-8A63-88984AC2A86B", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8BFD9C4F-E93B-4BCE-A5E2-A20945EB8534", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5BBEBAA2-4892-4F9E-8C0E-94CA90DCD28D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { 
"nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "F1D2A323-5614-4569-AFE5-49CB99ACA279", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:realnetworks:helix_player:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "74F2CA71-BD09-451C-931C-433024B6BF87", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:helix_player:11.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FD002505-9F93-4243-BCF9-89421FDB7C0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:helix_player:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "94D7BB02-13EA-4F39-B751-DDF9AB50F868", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:linux:*:*:*:*:*", "matchCriteriaId": "63F83DBE-F01B-4D6B-9CC4-D5170C2C1D44", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.0:*:linux:*:*:*:*:*", "matchCriteriaId": "C9C8FE03-BB75-4F67-ADE4-891B6B956018", "vulnerable": true }, { "criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:linux:*:*:*:*:*", "matchCriteriaId": "A1577DE0-6C52-4BE6-8E5F-D90B2DAE8BD2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in RealNetworks 
RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en RealNetworks RealPlayer 10, RealPlayer v10.5 6.0.12.1040 hasta v6.0.12.1741, RealPlayer 11 v11.0.0 hasta v11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 y v10.1, Linux RealPlayer 10, y Helix Player v10.x, permite a atacantes remotos tener un impacto no especificado a trav\u00e9s de una imagen GIF comprimida." } ], "evaluatorComment": "Specific affected release information can be found from RealNetworks at: \r\n\r\nhttp://service.real.com/realplayer/security/01192010_player/en/", "id": "CVE-2009-4245", "lastModified": "2024-11-21T01:09:14.347", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-01-25T19:30:01.433", "references": [ { "source": "cve@mitre.org", "url": "http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/61969" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38218" }, { "source": "cve@mitre.org", "url": 
"http://secunia.com/advisories/38450" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1023489" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://service.real.com/realplayer/security/01192010_player/en/" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37880" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55800" }, { "source": "cve@mitre.org", "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7" }, { "source": "cve@mitre.org", "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6" }, { "source": "cve@mitre.org", "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/61969" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38218" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/38450" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1023489" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"http://service.real.com/realplayer/security/01192010_player/en/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37880" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0178" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55800" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }