ID CVE-2005-0455
Summary Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed function in smlparse.cpp for RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1 allows remote attackers to execute arbitrary code via a .SMIL file with a large system-screen-size value.
References
Vulnerable Configurations
  • cpe:2.3:a:realnetworks:realone_player:1.0
  • cpe:2.3:a:realnetworks:realone_player:2.0
  • cpe:2.3:a:realnetworks:realplayer:8.0
  • cpe:2.3:a:realnetworks:realplayer:8.0:-:win32
  • RealNetworks RealPlayer 10.0
    cpe:2.3:a:realnetworks:realplayer:10.0
  • cpe:2.3:a:realnetworks:realplayer:10.0_6.0.12.690
  • cpe:2.3:a:realnetworks:realplayer:10.0_beta
  • RealNetworks RealPlayer 10.5
    cpe:2.3:a:realnetworks:realplayer:10.5
  • cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1016_beta
  • cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040
  • cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1053
CVSS
Base: 5.1 (as of 07-06-2005 - 14:22)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity HIGH
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
exploit-db via4
  • description RealNetworks RealPlayer SMIL Buffer Overflow. CVE-2005-0455. Remote exploit for windows platform
    id EDB-ID:16586
    last seen 2016-02-02
    modified 2010-05-09
    published 2010-05-09
    reporter metasploit
    source https://www.exploit-db.com/download/16586/
    title RealNetworks RealPlayer SMIL Buffer Overflow
  • description RealPlayer 10 ".smil" File Local Buffer Overflow Exploit. CVE-2005-0455. Local exploit for windows platform
    id EDB-ID:863
    last seen 2016-01-31
    modified 2005-03-07
    published 2005-03-07
    reporter nolimit
    source https://www.exploit-db.com/download/863/
    title RealPlayer 10 - .smil File Local Buffer Overflow Exploit
metasploit via4
description This module exploits a stack buffer overflow in RealNetworks RealPlayer 10 and 8. By creating a URL link to a malicious SMIL file, a remote attacker could overflow a buffer and execute arbitrary code. When using this module, be sure to set the URIPATH with an extension of '.smil'. This module has been tested with RealPlayer 10 build 6.0.12.883 and RealPlayer 8 build 6.0.9.584.
id MSF:EXPLOIT/WINDOWS/BROWSER/REALPLAYER_SMIL
last seen 2019-02-21
modified 2017-07-24
published 2007-02-03
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/realplayer_smil.rb
title RealNetworks RealPlayer SMIL Buffer Overflow
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-299.NASL
    description Updated realplayer packages that fix a number of security issues are now available for Red Hat Enterprise Linux 3 Extras. This update has been rated as having important security impact by the Red Hat Security Response Team. The realplayer package contains RealPlayer, a media format player. A number of security issues have been discovered in RealPlayer 8 of which a subset are believed to affect the Linux version as shipped with Red Hat Enterprise Linux 3 Extras. RealPlayer 8 is no longer supported by RealNetworks. Users of RealPlayer are advised to upgrade to this erratum package which contains RealPlayer 10.
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 17590
    published 2005-03-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17590
    title RHEL 3 : realplayer (RHSA-2005:299)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2005-188.NASL
    description Updated HelixPlayer packages that fix two buffer overflow issues are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. A stack based buffer overflow bug was found in HelixPlayer's Synchronized Multimedia Integration Language (SMIL) file processor. An attacker could create a specially crafted SMIL file which would execute arbitrary code when opened by a user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0455 to this issue. A buffer overflow bug was found in the way HelixPlayer decodes WAV files. An attacker could create a specially crafted WAV file which could execute arbitrary code when opened by a user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0611 to this issue. All users of HelixPlayer are advised to upgrade to this updated package, which contains HelixPlayer 1.0.3 which is not vulnerable to these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 19623
    published 2005-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19623
    title Fedora Core 3 : HelixPlayer-1.0.3-3.fc3 (2005-188)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SA_2005_014.NASL
    description The remote host is missing the patch for the advisory SUSE-SA:2005:014 (RealPlayer). Two security problems were found in the media player RealPlayer: - CVE-2005-0455: A buffer overflow in the handling of .smil files. - CVE-2005-0611: A buffer overflow in the handling of .wav files. Both buffer overflows can be exploited remotely by providing URLs opened by RealPlayer. More information can be found on this URL: http://service.real.com/help/faq/security/050224_player/EN/ This update fixes the problems.
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 17300
    published 2005-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17300
    title SUSE-SA:2005:014: RealPlayer
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-265.NASL
    description An updated RealPlayer package that fixes two buffer overflow issues is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. RealPlayer is a media player. A stack based buffer overflow bug was found in RealPlayer's Synchronized Multimedia Integration Language (SMIL) file processor. An attacker could create a specially crafted SMIL file which would execute arbitrary code when opened by a user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0455 to this issue. A buffer overflow bug was found in the way RealPlayer decodes WAV sound files. An attacker could create a specially crafted WAV file which could execute arbitrary code when opened by a user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0611 to this issue. All users of RealPlayer are advised to upgrade to this updated package, which contains RealPlayer version 10.0.3 and is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 17268
    published 2005-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17268
    title RHEL 4 : RealPlayer (RHSA-2005:265)
  • NASL family Windows
    NASL id REALPLAYER_MULTIPLE_VULNS.NASL
    description According to its build number, the installed version of RealPlayer / RealOne Player / RealPlayer Enterprise for Windows might allow an attacker to execute arbitrary code and delete arbitrary files on the remote host. To exploit these flaws, an attacker would send a malformed SMIL or WAV file to a user on the remote host and wait for him to open it.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 17254
    published 2005-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17254
    title RealPlayer Multiple Remote Overflows (2005-03-01)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-271.NASL
    description An updated HelixPlayer package that fixes two buffer overflow issues is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. HelixPlayer is a media player. A stack based buffer overflow bug was found in HelixPlayer's Synchronized Multimedia Integration Language (SMIL) file processor. An attacker could create a specially crafted SMIL file which would execute arbitrary code when opened by a user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0455 to this issue. A buffer overflow bug was found in the way HelixPlayer decodes WAV files. An attacker could create a specially crafted WAV file which could execute arbitrary code when opened by a user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0611 to this issue. All users of HelixPlayer are advised to upgrade to this updated package, which contains HelixPlayer 1.0.3 which is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 17269
    published 2005-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17269
    title RHEL 4 : HelixPlayer (RHSA-2005:271)
oval via4
accepted 2013-04-29T04:10:00.886-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed function in smlparse.cpp for RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1 allows remote attackers to execute arbitrary code via a .SMIL file with a large system-screen-size value.
family unix
id oval:org.mitre.oval:def:10926
status accepted
submitted 2010-07-09T03:56:16-04:00
title Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed function in smlparse.cpp for RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1 allows remote attackers to execute arbitrary code via a .SMIL file with a large system-screen-size value.
version 22
packetstorm via4
data source https://packetstormsecurity.com/files/download/83059/realplayer_smil.rb.txt
id PACKETSTORM:83059
last seen 2016-12-05
published 2009-11-26
reporter MC
source https://packetstormsecurity.com/files/83059/RealNetworks-RealPlayer-SMIL-Buffer-Overflow.html
title RealNetworks RealPlayer SMIL Buffer Overflow
redhat via4
advisories
  • rhsa
    id RHSA-2005:265
  • rhsa
    id RHSA-2005:271
refmap via4
confirm http://service.real.com/help/faq/security/050224_player
idefense 20050301 RealNetworks RealPlayer .smil Buffer Overflow Vulnerability
Last major update 07-03-2011 - 21:20
Published 02-05-2005 - 00:00
Last modified 10-10-2017 - 21:29