1. CVE-Search
  2. CVE-2003-0141
ID CVE-2003-0141
Summary The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length.
References
Vulnerable Configurations
  • cpe:2.3:a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realone_player:6.0.10.505:gold:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realone_player:6.0.10.505:gold:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realone_player:9.0.0.288:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realone_player:9.0.0.288:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realone_player:9.0.0.297:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realone_player:9.0.0.297:*:*:*:*:*:*:*
  • cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 18-10-2016 - 02:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
refmap via4
bid 7177
bugtraq 20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability
cert-vn VU#705761
misc http://www.coresecurity.com/common/showdoc.php?idx=311&idxseccion=10
vulnwatch 20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability
Last major update 18-10-2016 - 02:30
Published 02-04-2003 - 05:00
Last modified 18-10-2016 - 02:30
Back to Top