fkie_cve-2007-2263
Vulnerability from fkie_nvd
Published
2007-10-31 17:46
Modified
2024-11-21 00:30
Severity ?
Summary
Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF (Flash) file with malformed record headers.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_player | * | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.1 | |
| realnetworks | realplayer | 10.1 | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer_enterprise | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:*:*:mac:en:*:*:*:*",
"matchCriteriaId": "E42CFE29-8AF0-4FAE-88FD-4E2D373FE16D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "72F332E7-13EA-447D-8116-7CD404120040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "15FABF57-B77B-49FF-BEAF-1E0D6BD4B66F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.0.305:mac:*:*:*:*:*",
"matchCriteriaId": "995983E3-6968-4071-A3E7-BC84800894C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.0.331:mac:*:*:*:*:*",
"matchCriteriaId": "1D5A55EF-BFC7-4703-B115-910DC8338733",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.0.352:mac:*:*:*:*:*",
"matchCriteriaId": "A4FE917E-31A3-4065-B723-FACECEB1BEB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.5:linux:*:*:*:*:*",
"matchCriteriaId": "28F3DFCA-C0E8-43FC-B313-7E21978AE481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.6:linux:*:*:*:*:*",
"matchCriteriaId": "2A874D31-8FDB-456C-ABF8-94F812DD1B67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.7:linux:*:*:*:*:*",
"matchCriteriaId": "CB81B184-CD30-42DD-8BA6-BED303BF6377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.8:linux:*:*:*:*:*",
"matchCriteriaId": "F62E12E0-D806-40F4-8779-18679572AD04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.9:linux:*:*:*:*:*",
"matchCriteriaId": "5567F40F-B04C-4866-A7B2-C796AAA0CE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.1:10.0.0.396:mac:*:*:*:*:*",
"matchCriteriaId": "84E4F874-E9A5-40F1-82CF-5C2E4749DF6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.1:10.0.0.412:mac:*:*:*:*:*",
"matchCriteriaId": "EBC0DDE6-356C-4EE7-83E1-7EF5A0C5A751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1040:windows:*:*:*:*:*",
"matchCriteriaId": "FB3CC6D6-334F-4F9C-8A5C-7EC3DCACEC50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1578:windows:*:*:*:*:*",
"matchCriteriaId": "414712E9-6901-4D33-B970-36CC238D4257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1698:windows:*:*:*:*:*",
"matchCriteriaId": "35AAD3FF-B70E-46CB-A3C1-34B2412EE6EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1741:windows:*:*:*:*:*",
"matchCriteriaId": "FA78969A-CBAE-4B67-96E7-F7EC9FD78E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:windows:en:*:*:*:*",
"matchCriteriaId": "B9BA3DF0-9785-4F70-A9A3-38F657B52AA7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF (Flash) file with malformed record headers."
},
{
"lang": "es",
"value": "Un Desbordamiento de b\u00fafer en la regi\u00f3n Heap de la memoria en RealNetworks RealPlayer las versiones 10.0, 10.1 y posiblemente 10.5, RealOne Player y RealPlayer Enterprise permiten que los atacantes remotos ejecuten c\u00f3digo arbitrario por medio de un archivo SWF (Flash) con encabezados de registro mal formados."
}
],
"id": "CVE-2007-2263",
"lastModified": "2024-11-21T00:30:20.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-10-31T17:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/38344"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27361"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://service.real.com/realplayer/security/10252007_player/en/"
},
{
"source": "cve@mitre.org",
"url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/483110/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/26214"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26284"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018866"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/3628"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-061.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37436"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/38344"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://service.real.com/realplayer/security/10252007_player/en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/483110/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/26214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/3628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37436"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11432"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "This issue was fixed in RealPlayer for Red Hat Enterprise Linux 3 Extras, 4 Extras, 5 Supplementary by RHSA-2007:0841 on 17th August 2007:\nhttp://rhn.redhat.com/errata/RHSA-2007-0841.html)on\n\n(Our original advisory did not mention this issue was fixed as the details of the issue were not made public by RealNetworks until 25th October 2007)",
"lastModified": "2007-11-01T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.