Vulnerabilites related to realnetworks - realone_player
CVE-2004-1798 (GCVE-0-2004-1798)
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/9584 | third-party-advisory, x_refsource_SECUNIA | |
| http://securitytracker.com/id?1008647 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/9378 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/3826 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/archive/1/349086 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/14168 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:07:47.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9584",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/9584"
},
{
"name": "1008647",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1008647"
},
{
"name": "9378",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9378"
},
{
"name": "3826",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3826"
},
{
"name": "20040107 RealNetworks fails to address Cross-Site Scripting in RealOne Player",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/349086"
},
{
"name": "realoneplayer-smil-xss(14168)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14168"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-01-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the \"My Computer\" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a \"file:javascript:\" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9584",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/9584"
},
{
"name": "1008647",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1008647"
},
{
"name": "9378",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9378"
},
{
"name": "3826",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3826"
},
{
"name": "20040107 RealNetworks fails to address Cross-Site Scripting in RealOne Player",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/349086"
},
{
"name": "realoneplayer-smil-xss(14168)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14168"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the \"My Computer\" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a \"file:javascript:\" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9584",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9584"
},
{
"name": "1008647",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1008647"
},
{
"name": "9378",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9378"
},
{
"name": "3826",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3826"
},
{
"name": "20040107 RealNetworks fails to address Cross-Site Scripting in RealOne Player",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/349086"
},
{
"name": "realoneplayer-smil-xss(14168)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14168"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1798",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T01:07:47.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2052 (GCVE-0-2005-2052)
Vulnerability from cvelistv5
Published
2005-06-26 04:00
Modified
2024-08-07 22:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 (6.0.12.1040 through 1069), RealOne Player v1 and v2, RealPlayer 8 and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an .avi file with a modified strf structure value.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=111955853611840&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://service.real.com/help/faq/security/050623_player/EN/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:15:37.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050623 eEye Advisory - EEYEB-200505 - RealPlayer AVI Processing Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111955853611840\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/help/faq/security/050623_player/EN/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-06-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 (6.0.12.1040 through 1069), RealOne Player v1 and v2, RealPlayer 8 and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an .avi file with a modified strf structure value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050623 eEye Advisory - EEYEB-200505 - RealPlayer AVI Processing Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111955853611840\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/help/faq/security/050623_player/EN/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 (6.0.12.1040 through 1069), RealOne Player v1 and v2, RealPlayer 8 and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an .avi file with a modified strf structure value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050623 eEye Advisory - EEYEB-200505 - RealPlayer AVI Processing Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111955853611840\u0026w=2"
},
{
"name": "http://service.real.com/help/faq/security/050623_player/EN/",
"refsource": "CONFIRM",
"url": "http://service.real.com/help/faq/security/050623_player/EN/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2052",
"datePublished": "2005-06-26T04:00:00",
"dateReserved": "2005-06-26T00:00:00",
"dateUpdated": "2024-08-07T22:15:37.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0323 (GCVE-0-2006-0323)
Vulnerability from cvelistv5
Published
2006-03-23 23:00
Modified
2024-08-07 16:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:34:13.867Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.service.real.com/realplayer/security/03162006_player/en/"
},
{
"name": "19358",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19358"
},
{
"name": "SUSE-SA:2006:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_18_realplayer.html"
},
{
"name": "19362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19362"
},
{
"name": "ADV-2006-1057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1057"
},
{
"name": "RHSA-2006:0257",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0257.html"
},
{
"name": "690",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/690"
},
{
"name": "19365",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19365"
},
{
"name": "GLSA-200603-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml"
},
{
"name": "1015806",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015806"
},
{
"name": "17202",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17202"
},
{
"name": "20060411 Realplayer .SWF Multiple Remote Memory Corruption Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/430621/100/0/threaded"
},
{
"name": "realnetworks-swf-bo(25408)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25408"
},
{
"name": "19390",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19390"
},
{
"name": "VU#231028",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/231028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.service.real.com/realplayer/security/03162006_player/en/"
},
{
"name": "19358",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19358"
},
{
"name": "SUSE-SA:2006:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_18_realplayer.html"
},
{
"name": "19362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19362"
},
{
"name": "ADV-2006-1057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1057"
},
{
"name": "RHSA-2006:0257",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0257.html"
},
{
"name": "690",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/690"
},
{
"name": "19365",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19365"
},
{
"name": "GLSA-200603-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml"
},
{
"name": "1015806",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015806"
},
{
"name": "17202",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17202"
},
{
"name": "20060411 Realplayer .SWF Multiple Remote Memory Corruption Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/430621/100/0/threaded"
},
{
"name": "realnetworks-swf-bo(25408)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25408"
},
{
"name": "19390",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19390"
},
{
"name": "VU#231028",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/231028"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.service.real.com/realplayer/security/03162006_player/en/",
"refsource": "CONFIRM",
"url": "http://www.service.real.com/realplayer/security/03162006_player/en/"
},
{
"name": "19358",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19358"
},
{
"name": "SUSE-SA:2006:018",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_18_realplayer.html"
},
{
"name": "19362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19362"
},
{
"name": "ADV-2006-1057",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1057"
},
{
"name": "RHSA-2006:0257",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0257.html"
},
{
"name": "690",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/690"
},
{
"name": "19365",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19365"
},
{
"name": "GLSA-200603-24",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml"
},
{
"name": "1015806",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015806"
},
{
"name": "17202",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17202"
},
{
"name": "20060411 Realplayer .SWF Multiple Remote Memory Corruption Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430621/100/0/threaded"
},
{
"name": "realnetworks-swf-bo(25408)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25408"
},
{
"name": "19390",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19390"
},
{
"name": "VU#231028",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/231028"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0323",
"datePublished": "2006-03-23T23:00:00",
"dateReserved": "2006-01-19T00:00:00",
"dateUpdated": "2024-08-07T16:34:13.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0455 (GCVE-0-2005-0455)
Vulnerability from cvelistv5
Published
2005-03-02 05:00
Modified
2024-08-07 21:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed function in smlparse.cpp for RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1 allows remote attackers to execute arbitrary code via a .SMIL file with a large system-screen-size value.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.idefense.com/application/poi/display?id=209&type=vulnerabilities | third-party-advisory, x_refsource_IDEFENSE | |
| http://service.real.com/help/faq/security/050224_player | x_refsource_CONFIRM | |
| http://www.redhat.com/support/errata/RHSA-2005-271.html | vendor-advisory, x_refsource_REDHAT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10926 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.redhat.com/support/errata/RHSA-2005-265.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:54.141Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050301 RealNetworks RealPlayer .smil Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=209\u0026type=vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/help/faq/security/050224_player"
},
{
"name": "RHSA-2005:271",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-271.html"
},
{
"name": "oval:org.mitre.oval:def:10926",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10926"
},
{
"name": "RHSA-2005:265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-265.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed function in smlparse.cpp for RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1 allows remote attackers to execute arbitrary code via a .SMIL file with a large system-screen-size value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050301 RealNetworks RealPlayer .smil Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=209\u0026type=vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/help/faq/security/050224_player"
},
{
"name": "RHSA-2005:271",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-271.html"
},
{
"name": "oval:org.mitre.oval:def:10926",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10926"
},
{
"name": "RHSA-2005:265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-265.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0455",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed function in smlparse.cpp for RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1 allows remote attackers to execute arbitrary code via a .SMIL file with a large system-screen-size value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050301 RealNetworks RealPlayer .smil Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=209\u0026type=vulnerabilities"
},
{
"name": "http://service.real.com/help/faq/security/050224_player",
"refsource": "CONFIRM",
"url": "http://service.real.com/help/faq/security/050224_player"
},
{
"name": "RHSA-2005:271",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-271.html"
},
{
"name": "oval:org.mitre.oval:def:10926",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10926"
},
{
"name": "RHSA-2005:265",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-265.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0455",
"datePublished": "2005-03-02T05:00:00",
"dateReserved": "2005-02-16T00:00:00",
"dateUpdated": "2024-08-07T21:13:54.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-13121 (GCVE-0-2018-13121)
Vulnerability from cvelistv5
Published
2018-07-03 22:00
Modified
2024-08-05 08:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a denial of service (array out-of-bounds access and application crash) via a crafted .aiff file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/921580451/RealOnePlayer-sBug/issues/1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:52:50.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/921580451/RealOnePlayer-sBug/issues/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a denial of service (array out-of-bounds access and application crash) via a crafted .aiff file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-03T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/921580451/RealOnePlayer-sBug/issues/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13121",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a denial of service (array out-of-bounds access and application crash) via a crafted .aiff file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/921580451/RealOnePlayer-sBug/issues/1",
"refsource": "MISC",
"url": "https://github.com/921580451/RealOnePlayer-sBug/issues/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-13121",
"datePublished": "2018-07-03T22:00:00",
"dateReserved": "2018-07-03T00:00:00",
"dateUpdated": "2024-08-05T08:52:50.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0726 (GCVE-0-2003-0726)
Vulnerability from cvelistv5
Published
2003-09-03 04:00
Modified
2024-08-08 02:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/8453 | vdb-entry, x_refsource_BID | |
| http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/13028 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/335293 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.service.real.com/help/faq/security/securityupdate_august2003.html | x_refsource_CONFIRM | |
| http://securitytracker.com/id?1007532 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8453",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8453"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html"
},
{
"name": "realone-smil-execute-code(13028)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028"
},
{
"name": "20030827 RealOne Player Allows Cross Zone and Domain Access",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/335293"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html"
},
{
"name": "1007532",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1007532"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-08-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "RealOne player allows remote attackers to execute arbitrary script in the \"My Computer\" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a \"javascript:\" URL in the area tag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8453",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8453"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html"
},
{
"name": "realone-smil-execute-code(13028)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028"
},
{
"name": "20030827 RealOne Player Allows Cross Zone and Domain Access",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/335293"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html"
},
{
"name": "1007532",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1007532"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0726",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RealOne player allows remote attackers to execute arbitrary script in the \"My Computer\" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a \"javascript:\" URL in the area tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8453"
},
{
"name": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html",
"refsource": "MISC",
"url": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html"
},
{
"name": "realone-smil-execute-code(13028)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028"
},
{
"name": "20030827 RealOne Player Allows Cross Zone and Domain Access",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/335293"
},
{
"name": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html",
"refsource": "CONFIRM",
"url": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html"
},
{
"name": "1007532",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1007532"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0726",
"datePublished": "2003-09-03T04:00:00",
"dateReserved": "2003-09-02T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5081 (GCVE-0-2007-5081)
Vulnerability from cvelistv5
Published
2007-10-31 17:00
Modified
2024-08-07 15:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a crafted RM file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://service.real.com/realplayer/security/10252007_player/en/ | x_refsource_CONFIRM | |
| http://securitytracker.com/id?1018866 | vdb-entry, x_refsource_SECTRACK | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11625 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.attrition.org/pipermail/vim/2007-October/001841.html | mailing-list, x_refsource_VIM | |
| http://www.vupen.com/english/advisories/2007/3628 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/37435 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/27361 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/38340 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/26214 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:17:28.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/realplayer/security/10252007_player/en/"
},
{
"name": "1018866",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018866"
},
{
"name": "oval:org.mitre.oval:def:11625",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11625"
},
{
"name": "20071030 RealPlayer Updates of October 25, 2007",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
},
{
"name": "ADV-2007-3628",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3628"
},
{
"name": "realplayer-rm-bo(37435)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37435"
},
{
"name": "27361",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27361"
},
{
"name": "38340",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38340"
},
{
"name": "26214",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26214"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a crafted RM file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/realplayer/security/10252007_player/en/"
},
{
"name": "1018866",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018866"
},
{
"name": "oval:org.mitre.oval:def:11625",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11625"
},
{
"name": "20071030 RealPlayer Updates of October 25, 2007",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
},
{
"name": "ADV-2007-3628",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3628"
},
{
"name": "realplayer-rm-bo(37435)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37435"
},
{
"name": "27361",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27361"
},
{
"name": "38340",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38340"
},
{
"name": "26214",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26214"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a crafted RM file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://service.real.com/realplayer/security/10252007_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/10252007_player/en/"
},
{
"name": "1018866",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018866"
},
{
"name": "oval:org.mitre.oval:def:11625",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11625"
},
{
"name": "20071030 RealPlayer Updates of October 25, 2007",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
},
{
"name": "ADV-2007-3628",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3628"
},
{
"name": "realplayer-rm-bo(37435)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37435"
},
{
"name": "27361",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27361"
},
{
"name": "38340",
"refsource": "OSVDB",
"url": "http://osvdb.org/38340"
},
{
"name": "26214",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26214"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5081",
"datePublished": "2007-10-31T17:00:00",
"dateReserved": "2007-09-24T00:00:00",
"dateUpdated": "2024-08-07T15:17:28.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2630 (GCVE-0-2005-2630)
Vulnerability from cvelistv5
Published
2005-11-18 23:00
Modified
2024-08-07 22:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in DUNZIP32.DLL for RealPlayer 8, 10, and 10.5 and RealOne Player 1 and 2 allows remote attackers to execute arbitrary code via a crafted RealPlayer Skin (RJS) file, a different vulnerability than CVE-2004-1094.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.eeye.com/html/research/advisories/AD20051110b.html | third-party-advisory, x_refsource_EEYE | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/23025 | vdb-entry, x_refsource_XF | |
| http://securitytracker.com/id?1015184 | vdb-entry, x_refsource_SECTRACK | |
| http://marc.info/?l=bugtraq&m=113166519206033&w=2 | third-party-advisory, x_refsource_EEYE | |
| http://securityreason.com/securityalert/170 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/bid/15382 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/17514/ | third-party-advisory, x_refsource_SECUNIA | |
| http://service.real.com/help/faq/security/051110_player/EN/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/17860 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/18827 | vdb-entry, x_refsource_OSVDB | |
| http://securitytracker.com/id?1015185 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:30:01.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "AD20051110b",
"tags": [
"third-party-advisory",
"x_refsource_EEYE",
"x_transferred"
],
"url": "http://www.eeye.com/html/research/advisories/AD20051110b.html"
},
{
"name": "realplayer-rjs-zip-bo(23025)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23025"
},
{
"name": "1015184",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015184"
},
{
"name": "EEYEB20050701",
"tags": [
"third-party-advisory",
"x_refsource_EEYE",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113166519206033\u0026w=2"
},
{
"name": "170",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/170"
},
{
"name": "15382",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15382"
},
{
"name": "17514",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17514/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/help/faq/security/051110_player/EN/"
},
{
"name": "17860",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17860"
},
{
"name": "18827",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/18827"
},
{
"name": "1015185",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015185"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in DUNZIP32.DLL for RealPlayer 8, 10, and 10.5 and RealOne Player 1 and 2 allows remote attackers to execute arbitrary code via a crafted RealPlayer Skin (RJS) file, a different vulnerability than CVE-2004-1094."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "AD20051110b",
"tags": [
"third-party-advisory",
"x_refsource_EEYE"
],
"url": "http://www.eeye.com/html/research/advisories/AD20051110b.html"
},
{
"name": "realplayer-rjs-zip-bo(23025)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23025"
},
{
"name": "1015184",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015184"
},
{
"name": "EEYEB20050701",
"tags": [
"third-party-advisory",
"x_refsource_EEYE"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113166519206033\u0026w=2"
},
{
"name": "170",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/170"
},
{
"name": "15382",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15382"
},
{
"name": "17514",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17514/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/help/faq/security/051110_player/EN/"
},
{
"name": "17860",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17860"
},
{
"name": "18827",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/18827"
},
{
"name": "1015185",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015185"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in DUNZIP32.DLL for RealPlayer 8, 10, and 10.5 and RealOne Player 1 and 2 allows remote attackers to execute arbitrary code via a crafted RealPlayer Skin (RJS) file, a different vulnerability than CVE-2004-1094."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "AD20051110b",
"refsource": "EEYE",
"url": "http://www.eeye.com/html/research/advisories/AD20051110b.html"
},
{
"name": "realplayer-rjs-zip-bo(23025)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23025"
},
{
"name": "1015184",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015184"
},
{
"name": "EEYEB20050701",
"refsource": "EEYE",
"url": "http://marc.info/?l=bugtraq\u0026m=113166519206033\u0026w=2"
},
{
"name": "170",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/170"
},
{
"name": "15382",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15382"
},
{
"name": "17514",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17514/"
},
{
"name": "http://service.real.com/help/faq/security/051110_player/EN/",
"refsource": "CONFIRM",
"url": "http://service.real.com/help/faq/security/051110_player/EN/"
},
{
"name": "17860",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17860"
},
{
"name": "18827",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/18827"
},
{
"name": "1015185",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015185"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2630",
"datePublished": "2005-11-18T23:00:00",
"dateReserved": "2005-08-19T00:00:00",
"dateUpdated": "2024-08-07T22:30:01.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4599 (GCVE-0-2007-4599)
Vulnerability from cvelistv5
Published
2007-10-31 17:00
Modified
2024-08-07 15:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10.5, and RealOne Player 1 and 2, for Windows allows remote attackers to execute arbitrary code via a crafted playlist (PLS) file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.zerodayinitiative.com/advisories/ZDI-07-062.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/483112/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://service.real.com/realplayer/security/10252007_player/en/ | x_refsource_CONFIRM | |
| http://securitytracker.com/id?1018866 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/37438 | vdb-entry, x_refsource_XF | |
| http://www.attrition.org/pipermail/vim/2007-October/001841.html | mailing-list, x_refsource_VIM | |
| http://www.vupen.com/english/advisories/2007/3628 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/27361 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/38341 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/26214 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:10.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-062.html"
},
{
"name": "20071031 ZDI-07-062: RealNetworks RealPlayer PLS File Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/483112/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/realplayer/security/10252007_player/en/"
},
{
"name": "1018866",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018866"
},
{
"name": "realplayer-pls-bo(37438)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37438"
},
{
"name": "20071030 RealPlayer Updates of October 25, 2007",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
},
{
"name": "ADV-2007-3628",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3628"
},
{
"name": "27361",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27361"
},
{
"name": "38341",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38341"
},
{
"name": "26214",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26214"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10.5, and RealOne Player 1 and 2, for Windows allows remote attackers to execute arbitrary code via a crafted playlist (PLS) file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-062.html"
},
{
"name": "20071031 ZDI-07-062: RealNetworks RealPlayer PLS File Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/483112/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/realplayer/security/10252007_player/en/"
},
{
"name": "1018866",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018866"
},
{
"name": "realplayer-pls-bo(37438)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37438"
},
{
"name": "20071030 RealPlayer Updates of October 25, 2007",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
},
{
"name": "ADV-2007-3628",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3628"
},
{
"name": "27361",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27361"
},
{
"name": "38341",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38341"
},
{
"name": "26214",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26214"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4599",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10.5, and RealOne Player 1 and 2, for Windows allows remote attackers to execute arbitrary code via a crafted playlist (PLS) file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-062.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-062.html"
},
{
"name": "20071031 ZDI-07-062: RealNetworks RealPlayer PLS File Memory Corruption Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483112/100/0/threaded"
},
{
"name": "http://service.real.com/realplayer/security/10252007_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/10252007_player/en/"
},
{
"name": "1018866",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018866"
},
{
"name": "realplayer-pls-bo(37438)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37438"
},
{
"name": "20071030 RealPlayer Updates of October 25, 2007",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
},
{
"name": "ADV-2007-3628",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3628"
},
{
"name": "27361",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27361"
},
{
"name": "38341",
"refsource": "OSVDB",
"url": "http://osvdb.org/38341"
},
{
"name": "26214",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26214"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4599",
"datePublished": "2007-10-31T17:00:00",
"dateReserved": "2007-08-30T00:00:00",
"dateUpdated": "2024-08-07T15:01:10.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0192 (GCVE-0-2005-0192)
Vulnerability from cvelistv5
Published
2005-02-06 05:00
Modified
2024-08-07 21:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an RJS filename.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ngssoftware.com/advisories/real-03full.txt | x_refsource_MISC | |
| http://marc.info/?l=bugtraq&m=110616302008401&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18984 | vdb-entry, x_refsource_XF | |
| http://service.real.com/help/faq/security/040928_player/EN/ | x_refsource_MISC | |
| http://marc.info/?l=bugtraq&m=109707741022291&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:24.864Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/real-03full.txt"
},
{
"name": "20050119 RealPlayer Miscellaneous Vulnerabilities (#NISR19012005g)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110616302008401\u0026w=2"
},
{
"name": "realplayer-rjs-filenane-directory-traversal(18984)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18984"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://service.real.com/help/faq/security/040928_player/EN/"
},
{
"name": "20041006 Patch available for multiple high risk vulnerabilities in RealPlayer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109707741022291\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an RJS filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/real-03full.txt"
},
{
"name": "20050119 RealPlayer Miscellaneous Vulnerabilities (#NISR19012005g)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110616302008401\u0026w=2"
},
{
"name": "realplayer-rjs-filenane-directory-traversal(18984)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18984"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://service.real.com/help/faq/security/040928_player/EN/"
},
{
"name": "20041006 Patch available for multiple high risk vulnerabilities in RealPlayer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109707741022291\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an RJS filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ngssoftware.com/advisories/real-03full.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/real-03full.txt"
},
{
"name": "20050119 RealPlayer Miscellaneous Vulnerabilities (#NISR19012005g)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110616302008401\u0026w=2"
},
{
"name": "realplayer-rjs-filenane-directory-traversal(18984)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18984"
},
{
"name": "http://service.real.com/help/faq/security/040928_player/EN/",
"refsource": "MISC",
"url": "http://service.real.com/help/faq/security/040928_player/EN/"
},
{
"name": "20041006 Patch available for multiple high risk vulnerabilities in RealPlayer",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109707741022291\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0192",
"datePublished": "2005-02-06T05:00:00",
"dateReserved": "2005-01-28T00:00:00",
"dateUpdated": "2024-08-07T21:05:24.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1094 (GCVE-0-2004-1094)
Vulnerability from cvelistv5
Published
2004-12-01 05:00
Modified
2024-08-08 00:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark Software Payroll 2004/2005 3.9.6 and earlier, (3) CheckMark MultiLedger before 7.0.2, (4) dtSearch 6.x and 7.x, (5) mcupdmgr.exe and mghtml.exe in McAfee VirusScan 10 Build 10.0.21 and earlier, (6) IBM Lotus Notes before 6.5.5, and other products. NOTE: it is unclear whether this is the same vulnerability as CVE-2004-0575, although the data manipulations are the same.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:39:00.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20051223 dtSearch DUNZIP32.dll Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/420274/100/0/threaded"
},
{
"name": "1011944",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011944"
},
{
"name": "20041027 EEYE: RealPlayer Zipped Skin File Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-10/1044.html"
},
{
"name": "payroll-dunzip32-bo(22737)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22737"
},
{
"name": "19906",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/19906"
},
{
"name": "ADV-2005-2057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2057"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.networksecurity.fi/advisories/lotus-notes.html"
},
{
"name": "20041027 High Risk Vulnerability in RealPlayer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109894226007607\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.networksecurity.fi/advisories/payroll.html"
},
{
"name": "19451",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19451"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.networksecurity.fi/advisories/dtsearch.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.networksecurity.fi/advisories/mcafee-virusscan.html"
},
{
"name": "11555",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11555"
},
{
"name": "17394",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17394"
},
{
"name": "realplayer-dunzip32-bo(17879)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17879"
},
{
"name": "20060330 McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/429361/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.networksecurity.fi/advisories/multiledger.html"
},
{
"name": "20060906 IBM Lotus Notes DUNZIP32.dll Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/445369/100/0/threaded"
},
{
"name": "VU#582498",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/582498"
},
{
"name": "1012297",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1012297"
},
{
"name": "ADV-2006-1176",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1176"
},
{
"name": "1016817",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016817"
},
{
"name": "18194",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18194"
},
{
"name": "653",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/653"
},
{
"name": "296",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/296"
},
{
"name": "17096",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17096"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/help/faq/security/041026_player/EN/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securiteam.com/windowsntfocus/6Z00W00EAM.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark Software Payroll 2004/2005 3.9.6 and earlier, (3) CheckMark MultiLedger before 7.0.2, (4) dtSearch 6.x and 7.x, (5) mcupdmgr.exe and mghtml.exe in McAfee VirusScan 10 Build 10.0.21 and earlier, (6) IBM Lotus Notes before 6.5.5, and other products. NOTE: it is unclear whether this is the same vulnerability as CVE-2004-0575, although the data manipulations are the same."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20051223 dtSearch DUNZIP32.dll Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/420274/100/0/threaded"
},
{
"name": "1011944",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011944"
},
{
"name": "20041027 EEYE: RealPlayer Zipped Skin File Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-10/1044.html"
},
{
"name": "payroll-dunzip32-bo(22737)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22737"
},
{
"name": "19906",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/19906"
},
{
"name": "ADV-2005-2057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2057"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.networksecurity.fi/advisories/lotus-notes.html"
},
{
"name": "20041027 High Risk Vulnerability in RealPlayer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109894226007607\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.networksecurity.fi/advisories/payroll.html"
},
{
"name": "19451",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19451"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.networksecurity.fi/advisories/dtsearch.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.networksecurity.fi/advisories/mcafee-virusscan.html"
},
{
"name": "11555",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11555"
},
{
"name": "17394",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17394"
},
{
"name": "realplayer-dunzip32-bo(17879)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17879"
},
{
"name": "20060330 McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/429361/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.networksecurity.fi/advisories/multiledger.html"
},
{
"name": "20060906 IBM Lotus Notes DUNZIP32.dll Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/445369/100/0/threaded"
},
{
"name": "VU#582498",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/582498"
},
{
"name": "1012297",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1012297"
},
{
"name": "ADV-2006-1176",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1176"
},
{
"name": "1016817",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016817"
},
{
"name": "18194",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18194"
},
{
"name": "653",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/653"
},
{
"name": "296",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/296"
},
{
"name": "17096",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17096"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/help/faq/security/041026_player/EN/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securiteam.com/windowsntfocus/6Z00W00EAM.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark Software Payroll 2004/2005 3.9.6 and earlier, (3) CheckMark MultiLedger before 7.0.2, (4) dtSearch 6.x and 7.x, (5) mcupdmgr.exe and mghtml.exe in McAfee VirusScan 10 Build 10.0.21 and earlier, (6) IBM Lotus Notes before 6.5.5, and other products. NOTE: it is unclear whether this is the same vulnerability as CVE-2004-0575, although the data manipulations are the same."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051223 dtSearch DUNZIP32.dll Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/420274/100/0/threaded"
},
{
"name": "1011944",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011944"
},
{
"name": "20041027 EEYE: RealPlayer Zipped Skin File Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-10/1044.html"
},
{
"name": "payroll-dunzip32-bo(22737)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22737"
},
{
"name": "19906",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19906"
},
{
"name": "ADV-2005-2057",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2057"
},
{
"name": "http://www.networksecurity.fi/advisories/lotus-notes.html",
"refsource": "MISC",
"url": "http://www.networksecurity.fi/advisories/lotus-notes.html"
},
{
"name": "20041027 High Risk Vulnerability in RealPlayer",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109894226007607\u0026w=2"
},
{
"name": "http://www.networksecurity.fi/advisories/payroll.html",
"refsource": "MISC",
"url": "http://www.networksecurity.fi/advisories/payroll.html"
},
{
"name": "19451",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19451"
},
{
"name": "http://www.networksecurity.fi/advisories/dtsearch.html",
"refsource": "MISC",
"url": "http://www.networksecurity.fi/advisories/dtsearch.html"
},
{
"name": "http://www.networksecurity.fi/advisories/mcafee-virusscan.html",
"refsource": "MISC",
"url": "http://www.networksecurity.fi/advisories/mcafee-virusscan.html"
},
{
"name": "11555",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11555"
},
{
"name": "17394",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17394"
},
{
"name": "realplayer-dunzip32-bo(17879)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17879"
},
{
"name": "20060330 McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/429361/100/0/threaded"
},
{
"name": "http://www.networksecurity.fi/advisories/multiledger.html",
"refsource": "MISC",
"url": "http://www.networksecurity.fi/advisories/multiledger.html"
},
{
"name": "20060906 IBM Lotus Notes DUNZIP32.dll Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445369/100/0/threaded"
},
{
"name": "VU#582498",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582498"
},
{
"name": "1012297",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012297"
},
{
"name": "ADV-2006-1176",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1176"
},
{
"name": "1016817",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016817"
},
{
"name": "18194",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18194"
},
{
"name": "653",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/653"
},
{
"name": "296",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/296"
},
{
"name": "17096",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17096"
},
{
"name": "http://service.real.com/help/faq/security/041026_player/EN/",
"refsource": "CONFIRM",
"url": "http://service.real.com/help/faq/security/041026_player/EN/"
},
{
"name": "http://www.securiteam.com/windowsntfocus/6Z00W00EAM.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/windowsntfocus/6Z00W00EAM.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1094",
"datePublished": "2004-12-01T05:00:00",
"dateReserved": "2004-11-30T00:00:00",
"dateUpdated": "2024-08-08T00:39:00.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0191 (GCVE-0-2005-0191)
Vulnerability from cvelistv5
Published
2005-02-06 05:00
Modified
2024-08-07 21:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Off-by-one buffer overflow in the processing of tags in Real Metadata Package (RMP) files in RealPlayer 10.5 (6.0.12.1040) and earlier could allow remote attackers to execute arbitrary code via a long tag.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18982 | vdb-entry, x_refsource_XF | |
| http://www.ngssoftware.com/advisories/real-03full.txt | x_refsource_MISC | |
| http://marc.info/?l=bugtraq&m=110616302008401&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://service.real.com/help/faq/security/040928_player/EN/ | x_refsource_CONFIRM | |
| http://marc.info/?l=bugtraq&m=109707741022291&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:25.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "realplayer-long-filename-offbyone-bo(18982)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18982"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/real-03full.txt"
},
{
"name": "20050119 RealPlayer Miscellaneous Vulnerabilities (#NISR19012005g)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110616302008401\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/help/faq/security/040928_player/EN/"
},
{
"name": "20041006 Patch available for multiple high risk vulnerabilities in RealPlayer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109707741022291\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one buffer overflow in the processing of tags in Real Metadata Package (RMP) files in RealPlayer 10.5 (6.0.12.1040) and earlier could allow remote attackers to execute arbitrary code via a long tag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "realplayer-long-filename-offbyone-bo(18982)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18982"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/real-03full.txt"
},
{
"name": "20050119 RealPlayer Miscellaneous Vulnerabilities (#NISR19012005g)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110616302008401\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/help/faq/security/040928_player/EN/"
},
{
"name": "20041006 Patch available for multiple high risk vulnerabilities in RealPlayer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109707741022291\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one buffer overflow in the processing of tags in Real Metadata Package (RMP) files in RealPlayer 10.5 (6.0.12.1040) and earlier could allow remote attackers to execute arbitrary code via a long tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "realplayer-long-filename-offbyone-bo(18982)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18982"
},
{
"name": "http://www.ngssoftware.com/advisories/real-03full.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/real-03full.txt"
},
{
"name": "20050119 RealPlayer Miscellaneous Vulnerabilities (#NISR19012005g)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110616302008401\u0026w=2"
},
{
"name": "http://service.real.com/help/faq/security/040928_player/EN/",
"refsource": "CONFIRM",
"url": "http://service.real.com/help/faq/security/040928_player/EN/"
},
{
"name": "20041006 Patch available for multiple high risk vulnerabilities in RealPlayer",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109707741022291\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0191",
"datePublished": "2005-02-06T05:00:00",
"dateReserved": "2005-01-28T00:00:00",
"dateUpdated": "2024-08-07T21:05:25.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1370 (GCVE-0-2006-1370)
Vulnerability from cvelistv5
Published
2006-03-23 23:00
Modified
2024-08-07 17:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, RealPlayer 8, and RealPlayer Enterprise before 20060322 allows remote attackers to have an unknown impact via a malicious Mimio boardCast (mbc) file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.service.real.com/realplayer/security/03162006_player/en/ | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/25411 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/19358 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2006/1057 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/17202 | vdb-entry, x_refsource_BID | |
| http://www.kb.cert.org/vuls/id/451556 | third-party-advisory, x_refsource_CERT-VN | |
| http://securitytracker.com/id?1015810 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:12:20.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.service.real.com/realplayer/security/03162006_player/en/"
},
{
"name": "realnetworks-mbc-bo(25411)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25411"
},
{
"name": "19358",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19358"
},
{
"name": "ADV-2006-1057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1057"
},
{
"name": "17202",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17202"
},
{
"name": "VU#451556",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/451556"
},
{
"name": "1015810",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015810"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, RealPlayer 8, and RealPlayer Enterprise before 20060322 allows remote attackers to have an unknown impact via a malicious Mimio boardCast (mbc) file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.service.real.com/realplayer/security/03162006_player/en/"
},
{
"name": "realnetworks-mbc-bo(25411)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25411"
},
{
"name": "19358",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19358"
},
{
"name": "ADV-2006-1057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1057"
},
{
"name": "17202",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17202"
},
{
"name": "VU#451556",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/451556"
},
{
"name": "1015810",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015810"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, RealPlayer 8, and RealPlayer Enterprise before 20060322 allows remote attackers to have an unknown impact via a malicious Mimio boardCast (mbc) file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.service.real.com/realplayer/security/03162006_player/en/",
"refsource": "CONFIRM",
"url": "http://www.service.real.com/realplayer/security/03162006_player/en/"
},
{
"name": "realnetworks-mbc-bo(25411)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25411"
},
{
"name": "19358",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19358"
},
{
"name": "ADV-2006-1057",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1057"
},
{
"name": "17202",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17202"
},
{
"name": "VU#451556",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/451556"
},
{
"name": "1015810",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015810"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1370",
"datePublished": "2006-03-23T23:00:00",
"dateReserved": "2006-03-23T00:00:00",
"dateUpdated": "2024-08-07T17:12:20.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2936 (GCVE-0-2005-2936)
Vulnerability from cvelistv5
Published
2005-11-18 11:00
Modified
2024-08-07 22:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unquoted Windows search path vulnerability in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, and RealPlayer 8 before 20060322 might allow local users to gain privileges via a malicious C:\program.exe file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.service.real.com/realplayer/security/03162006_player/en/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/19358 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/15448 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2006/1057 | vdb-entry, x_refsource_VUPEN | |
| http://www.idefense.com/application/poi/display?id=340&type=vulnerabilities | third-party-advisory, x_refsource_IDEFENSE | |
| http://securitytracker.com/id?1015223 | vdb-entry, x_refsource_SECTRACK | |
| http://service.real.com/help/faq/security/security111605.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:29.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.service.real.com/realplayer/security/03162006_player/en/"
},
{
"name": "19358",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19358"
},
{
"name": "15448",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15448"
},
{
"name": "ADV-2006-1057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1057"
},
{
"name": "20051115 Multiple Vendor Insecure Call to CreateProcess() Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=340\u0026type=vulnerabilities"
},
{
"name": "1015223",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015223"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/help/faq/security/security111605.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unquoted Windows search path vulnerability in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, and RealPlayer 8 before 20060322 might allow local users to gain privileges via a malicious C:\\program.exe file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-24T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.service.real.com/realplayer/security/03162006_player/en/"
},
{
"name": "19358",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19358"
},
{
"name": "15448",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15448"
},
{
"name": "ADV-2006-1057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1057"
},
{
"name": "20051115 Multiple Vendor Insecure Call to CreateProcess() Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=340\u0026type=vulnerabilities"
},
{
"name": "1015223",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015223"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/help/faq/security/security111605.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unquoted Windows search path vulnerability in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, and RealPlayer 8 before 20060322 might allow local users to gain privileges via a malicious C:\\program.exe file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.service.real.com/realplayer/security/03162006_player/en/",
"refsource": "CONFIRM",
"url": "http://www.service.real.com/realplayer/security/03162006_player/en/"
},
{
"name": "19358",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19358"
},
{
"name": "15448",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15448"
},
{
"name": "ADV-2006-1057",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1057"
},
{
"name": "20051115 Multiple Vendor Insecure Call to CreateProcess() Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=340\u0026type=vulnerabilities"
},
{
"name": "1015223",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015223"
},
{
"name": "http://service.real.com/help/faq/security/security111605.html",
"refsource": "CONFIRM",
"url": "http://service.real.com/help/faq/security/security111605.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2936",
"datePublished": "2005-11-18T11:00:00",
"dateReserved": "2005-09-15T00:00:00",
"dateUpdated": "2024-08-07T22:53:29.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0387 (GCVE-0-2004-0387)
Vulnerability from cvelistv5
Published
2004-04-16 04:00
Modified
2024-08-08 00:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the RT3 plugin, as used in RealPlayer 8, RealOne Player, RealOne Player 10 beta, and RealOne Player Enterprise, allows remote attackers to execute arbitrary code via a malformed .R3T file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/displayvuln.php?osvdb_id=4977 | vdb-entry, x_refsource_OSVDB | |
| http://www.service.real.com/help/faq/security/040406_r3t/en/ | x_refsource_CONFIRM | |
| http://marc.info/?l=bugtraq&m=108135350810135&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15774 | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0077.html | mailing-list, x_refsource_VULNWATCH | |
| http://secunia.com/advisories/11314 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.ngssoftware.com/advisories/realr3t.txt | x_refsource_MISC | |
| http://www.securityfocus.com/bid/10070 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:17:14.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4977",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=4977"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.service.real.com/help/faq/security/040406_r3t/en/"
},
{
"name": "20040307 REAL One Player R3T File Format Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108135350810135\u0026w=2"
},
{
"name": "realplayer-r3t-bo(15774)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15774"
},
{
"name": "20040307 REAL One Player R3T File Format Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0077.html"
},
{
"name": "11314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11314"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/realr3t.txt"
},
{
"name": "10070",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10070"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the RT3 plugin, as used in RealPlayer 8, RealOne Player, RealOne Player 10 beta, and RealOne Player Enterprise, allows remote attackers to execute arbitrary code via a malformed .R3T file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4977",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=4977"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.service.real.com/help/faq/security/040406_r3t/en/"
},
{
"name": "20040307 REAL One Player R3T File Format Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108135350810135\u0026w=2"
},
{
"name": "realplayer-r3t-bo(15774)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15774"
},
{
"name": "20040307 REAL One Player R3T File Format Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0077.html"
},
{
"name": "11314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11314"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/realr3t.txt"
},
{
"name": "10070",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10070"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0387",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the RT3 plugin, as used in RealPlayer 8, RealOne Player, RealOne Player 10 beta, and RealOne Player Enterprise, allows remote attackers to execute arbitrary code via a malformed .R3T file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4977",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=4977"
},
{
"name": "http://www.service.real.com/help/faq/security/040406_r3t/en/",
"refsource": "CONFIRM",
"url": "http://www.service.real.com/help/faq/security/040406_r3t/en/"
},
{
"name": "20040307 REAL One Player R3T File Format Stack Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108135350810135\u0026w=2"
},
{
"name": "realplayer-r3t-bo(15774)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15774"
},
{
"name": "20040307 REAL One Player R3T File Format Stack Overflow",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0077.html"
},
{
"name": "11314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11314"
},
{
"name": "http://www.ngssoftware.com/advisories/realr3t.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/realr3t.txt"
},
{
"name": "10070",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10070"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0387",
"datePublished": "2004-04-16T04:00:00",
"dateReserved": "2004-04-09T00:00:00",
"dateUpdated": "2024-08-08T00:17:14.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0611 (GCVE-0-2005-0611)
Vulnerability from cvelistv5
Published
2005-03-02 05:00
Modified
2024-08-07 21:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1, allows remote attackers to execute arbitrary code via .WAV files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.redhat.com/support/errata/RHSA-2005-271.html | vendor-advisory, x_refsource_REDHAT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11419 | vdb-entry, signature, x_refsource_OVAL | |
| http://service.real.com/help/faq/security/050224_player/EN/ | x_refsource_CONFIRM | |
| http://www.redhat.com/support/errata/RHSA-2005-265.html | vendor-advisory, x_refsource_REDHAT | |
| http://marc.info/?l=bugtraq&m=110979465912834&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://marc.info/?l=vulnwatch&m=110977858619314&w=2 | mailing-list, x_refsource_VULNWATCH |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:21:06.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2005:271",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-271.html"
},
{
"name": "oval:org.mitre.oval:def:11419",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11419"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/help/faq/security/050224_player/EN/"
},
{
"name": "RHSA-2005:265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-265.html"
},
{
"name": "20050302 RealOne Player / Real .WAV Heap Overflow File Format Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110979465912834\u0026w=2"
},
{
"name": "20050302 RealOne Player / Real .WAV Heap Overflow File Format Vulnerability",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://marc.info/?l=vulnwatch\u0026m=110977858619314\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1, allows remote attackers to execute arbitrary code via .WAV files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2005:271",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-271.html"
},
{
"name": "oval:org.mitre.oval:def:11419",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11419"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/help/faq/security/050224_player/EN/"
},
{
"name": "RHSA-2005:265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-265.html"
},
{
"name": "20050302 RealOne Player / Real .WAV Heap Overflow File Format Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110979465912834\u0026w=2"
},
{
"name": "20050302 RealOne Player / Real .WAV Heap Overflow File Format Vulnerability",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://marc.info/?l=vulnwatch\u0026m=110977858619314\u0026w=2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-0611",
"datePublished": "2005-03-02T05:00:00",
"dateReserved": "2005-03-02T00:00:00",
"dateUpdated": "2024-08-07T21:21:06.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1481 (GCVE-0-2004-1481)
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a .rm movie file with a large length field for the data chunk, which leads to a heap-based buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/11309 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=ntbugtraq&m=109708374115061&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.service.real.com/help/faq/security/040928_player/EN/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/12672 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17549 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:23.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11309",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11309"
},
{
"name": "20041001 EEYE: RealPlayer pnen3260.dll Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=ntbugtraq\u0026m=109708374115061\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.service.real.com/help/faq/security/040928_player/EN/"
},
{
"name": "12672",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12672"
},
{
"name": "realplayer-rm-code-execution(17549)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17549"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a .rm movie file with a large length field for the data chunk, which leads to a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11309",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11309"
},
{
"name": "20041001 EEYE: RealPlayer pnen3260.dll Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=ntbugtraq\u0026m=109708374115061\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.service.real.com/help/faq/security/040928_player/EN/"
},
{
"name": "12672",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12672"
},
{
"name": "realplayer-rm-code-execution(17549)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17549"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a .rm movie file with a large length field for the data chunk, which leads to a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11309",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11309"
},
{
"name": "20041001 EEYE: RealPlayer pnen3260.dll Heap Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq\u0026m=109708374115061\u0026w=2"
},
{
"name": "http://www.service.real.com/help/faq/security/040928_player/EN/",
"refsource": "CONFIRM",
"url": "http://www.service.real.com/help/faq/security/040928_player/EN/"
},
{
"name": "12672",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12672"
},
{
"name": "realplayer-rm-code-execution(17549)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17549"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1481",
"datePublished": "2005-02-13T05:00:00",
"dateReserved": "2005-02-13T00:00:00",
"dateUpdated": "2024-08-08T00:53:23.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3410 (GCVE-0-2007-3410)
Vulnerability from cvelistv5
Published
2007-06-26 22:00
Modified
2024-08-07 14:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:14:13.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/realplayer/security/10252007_player/en/"
},
{
"name": "oval:org.mitre.oval:def:10554",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10554"
},
{
"name": "20070626 RealNetworks RealPlayer/HelixPlayer SMIL wallclock Stack Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547"
},
{
"name": "26463",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26463"
},
{
"name": "GLSA-200709-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-05.xml"
},
{
"name": "24658",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24658"
},
{
"name": "ADV-2007-2339",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2339"
},
{
"name": "realplayer-smiltime-wallclockvalue-bo(35088)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35088"
},
{
"name": "RHSA-2007:0841",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0841.html"
},
{
"name": "26828",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26828"
},
{
"name": "38342",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38342"
},
{
"name": "VU#770904",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/770904"
},
{
"name": "RHSA-2007:0605",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0605.html"
},
{
"name": "25859",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25859"
},
{
"name": "37374",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37374"
},
{
"name": "20071030 RealPlayer Updates of October 25, 2007",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
},
{
"name": "ADV-2007-3628",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3628"
},
{
"name": "25819",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25819"
},
{
"name": "1018297",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018297"
},
{
"name": "27361",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27361"
},
{
"name": "1018299",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018299"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/realplayer/security/10252007_player/en/"
},
{
"name": "oval:org.mitre.oval:def:10554",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10554"
},
{
"name": "20070626 RealNetworks RealPlayer/HelixPlayer SMIL wallclock Stack Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547"
},
{
"name": "26463",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26463"
},
{
"name": "GLSA-200709-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-05.xml"
},
{
"name": "24658",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24658"
},
{
"name": "ADV-2007-2339",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2339"
},
{
"name": "realplayer-smiltime-wallclockvalue-bo(35088)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35088"
},
{
"name": "RHSA-2007:0841",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0841.html"
},
{
"name": "26828",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26828"
},
{
"name": "38342",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38342"
},
{
"name": "VU#770904",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/770904"
},
{
"name": "RHSA-2007:0605",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0605.html"
},
{
"name": "25859",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25859"
},
{
"name": "37374",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37374"
},
{
"name": "20071030 RealPlayer Updates of October 25, 2007",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
},
{
"name": "ADV-2007-3628",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3628"
},
{
"name": "25819",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25819"
},
{
"name": "1018297",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018297"
},
{
"name": "27361",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27361"
},
{
"name": "1018299",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018299"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://service.real.com/realplayer/security/10252007_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/10252007_player/en/"
},
{
"name": "oval:org.mitre.oval:def:10554",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10554"
},
{
"name": "20070626 RealNetworks RealPlayer/HelixPlayer SMIL wallclock Stack Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547"
},
{
"name": "26463",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26463"
},
{
"name": "GLSA-200709-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200709-05.xml"
},
{
"name": "24658",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24658"
},
{
"name": "ADV-2007-2339",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2339"
},
{
"name": "realplayer-smiltime-wallclockvalue-bo(35088)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35088"
},
{
"name": "RHSA-2007:0841",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0841.html"
},
{
"name": "26828",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26828"
},
{
"name": "38342",
"refsource": "OSVDB",
"url": "http://osvdb.org/38342"
},
{
"name": "VU#770904",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/770904"
},
{
"name": "RHSA-2007:0605",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0605.html"
},
{
"name": "25859",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25859"
},
{
"name": "37374",
"refsource": "OSVDB",
"url": "http://osvdb.org/37374"
},
{
"name": "20071030 RealPlayer Updates of October 25, 2007",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
},
{
"name": "ADV-2007-3628",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3628"
},
{
"name": "25819",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25819"
},
{
"name": "1018297",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018297"
},
{
"name": "27361",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27361"
},
{
"name": "1018299",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018299"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3410",
"datePublished": "2007-06-26T22:00:00",
"dateReserved": "2007-06-26T00:00:00",
"dateUpdated": "2024-08-07T14:14:13.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0189 (GCVE-0-2005-0189)
Vulnerability from cvelistv5
Published
2005-02-06 05:00
Modified
2024-08-07 21:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the HandleAction function in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to execute arbitrary code via a long ShowPreferences argument.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/ntbugtraq/2005-q1/0046.html | mailing-list, x_refsource_NTBUGTRAQ | |
| http://marc.info/?l=bugtraq&m=110616636318261&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/12311 | vdb-entry, x_refsource_BID | |
| http://service.real.com/help/faq/security/040928_player/EN/ | x_refsource_MISC | |
| http://marc.info/?l=bugtraq&m=109707741022291&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.kb.cert.org/vuls/id/698390 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:25.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050119 RealPlayer \u0027ShowPreferences\u0027 Buffer Overflow Vulnerability (#NISR19012005e)",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2005-q1/0046.html"
},
{
"name": "20050119 RealPlayer \u0027ShowPreferences\u0027 Buffer Overflow Vulnerability (#NISR19012005e)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110616636318261\u0026w=2"
},
{
"name": "12311",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12311"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://service.real.com/help/faq/security/040928_player/EN/"
},
{
"name": "20041006 Patch available for multiple high risk vulnerabilities in RealPlayer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109707741022291\u0026w=2"
},
{
"name": "VU#698390",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/698390"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the HandleAction function in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to execute arbitrary code via a long ShowPreferences argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050119 RealPlayer \u0027ShowPreferences\u0027 Buffer Overflow Vulnerability (#NISR19012005e)",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2005-q1/0046.html"
},
{
"name": "20050119 RealPlayer \u0027ShowPreferences\u0027 Buffer Overflow Vulnerability (#NISR19012005e)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110616636318261\u0026w=2"
},
{
"name": "12311",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12311"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://service.real.com/help/faq/security/040928_player/EN/"
},
{
"name": "20041006 Patch available for multiple high risk vulnerabilities in RealPlayer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109707741022291\u0026w=2"
},
{
"name": "VU#698390",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/698390"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0189",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the HandleAction function in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to execute arbitrary code via a long ShowPreferences argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050119 RealPlayer \u0027ShowPreferences\u0027 Buffer Overflow Vulnerability (#NISR19012005e)",
"refsource": "NTBUGTRAQ",
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2005-q1/0046.html"
},
{
"name": "20050119 RealPlayer \u0027ShowPreferences\u0027 Buffer Overflow Vulnerability (#NISR19012005e)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110616636318261\u0026w=2"
},
{
"name": "12311",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12311"
},
{
"name": "http://service.real.com/help/faq/security/040928_player/EN/",
"refsource": "MISC",
"url": "http://service.real.com/help/faq/security/040928_player/EN/"
},
{
"name": "20041006 Patch available for multiple high risk vulnerabilities in RealPlayer",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109707741022291\u0026w=2"
},
{
"name": "VU#698390",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/698390"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0189",
"datePublished": "2005-02-06T05:00:00",
"dateReserved": "2005-01-28T00:00:00",
"dateUpdated": "2024-08-07T21:05:25.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2054 (GCVE-0-2005-2054)
Vulnerability from cvelistv5
Published
2005-06-28 04:00
Modified
2024-09-16 19:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and RealOne Player v1 and v2 allows remote attackers to overwrite arbitrary files or execute arbitrary ActiveX controls via a crafted MP3 file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://service.real.com/help/faq/security/050623_player/EN/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:15:36.833Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/help/faq/security/050623_player/EN/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and RealOne Player v1 and v2 allows remote attackers to overwrite arbitrary files or execute arbitrary ActiveX controls via a crafted MP3 file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-28T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/help/faq/security/050623_player/EN/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and RealOne Player v1 and v2 allows remote attackers to overwrite arbitrary files or execute arbitrary ActiveX controls via a crafted MP3 file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://service.real.com/help/faq/security/050623_player/EN/",
"refsource": "CONFIRM",
"url": "http://service.real.com/help/faq/security/050623_player/EN/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2054",
"datePublished": "2005-06-28T04:00:00Z",
"dateReserved": "2005-06-28T04:00:00Z",
"dateUpdated": "2024-09-16T19:35:17.782Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0190 (GCVE-0-2005-0190)
Vulnerability from cvelistv5
Published
2005-02-06 05:00
Modified
2024-08-07 21:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ? (question mark) and an allowed file extension (e.g. .mp3), which bypasses the check for the file extension.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/11308 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=110616160228843&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://service.real.com/help/faq/security/040928_player/EN/ | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17551 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/12672/ | third-party-advisory, x_refsource_SECUNIA | |
| http://www.ngssoftware.com/advisories/real-02full.txt | x_refsource_MISC | |
| http://marc.info/?l=bugtraq&m=109707741022291&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:25.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11308",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11308"
},
{
"name": "20050119 RealPlayer Arbitrary File Deletion Vulnerability (#NISR19012005f)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110616160228843\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/help/faq/security/040928_player/EN/"
},
{
"name": "realplayer-media-file-deletion(17551)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17551"
},
{
"name": "12672",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12672/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/real-02full.txt"
},
{
"name": "20041006 Patch available for multiple high risk vulnerabilities in RealPlayer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109707741022291\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ? (question mark) and an allowed file extension (e.g. .mp3), which bypasses the check for the file extension."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11308",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11308"
},
{
"name": "20050119 RealPlayer Arbitrary File Deletion Vulnerability (#NISR19012005f)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110616160228843\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/help/faq/security/040928_player/EN/"
},
{
"name": "realplayer-media-file-deletion(17551)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17551"
},
{
"name": "12672",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12672/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/real-02full.txt"
},
{
"name": "20041006 Patch available for multiple high risk vulnerabilities in RealPlayer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109707741022291\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ? (question mark) and an allowed file extension (e.g. .mp3), which bypasses the check for the file extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11308",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11308"
},
{
"name": "20050119 RealPlayer Arbitrary File Deletion Vulnerability (#NISR19012005f)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110616160228843\u0026w=2"
},
{
"name": "http://service.real.com/help/faq/security/040928_player/EN/",
"refsource": "CONFIRM",
"url": "http://service.real.com/help/faq/security/040928_player/EN/"
},
{
"name": "realplayer-media-file-deletion(17551)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17551"
},
{
"name": "12672",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12672/"
},
{
"name": "http://www.ngssoftware.com/advisories/real-02full.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/real-02full.txt"
},
{
"name": "20041006 Patch available for multiple high risk vulnerabilities in RealPlayer",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109707741022291\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0190",
"datePublished": "2005-02-06T05:00:00",
"dateReserved": "2005-01-28T00:00:00",
"dateUpdated": "2024-08-07T21:05:25.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2055 (GCVE-0-2005-2055)
Vulnerability from cvelistv5
Published
2005-06-28 04:00
Modified
2024-09-17 02:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne Player v1 and v2 allows remote malicious web server to create an arbitrary HTML file that executes an RM file via "default settings of earlier Internet Explorer browsers".
References
| ▼ | URL | Tags |
|---|---|---|
| http://service.real.com/help/faq/security/050623_player/EN/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:15:36.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/help/faq/security/050623_player/EN/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne Player v1 and v2 allows remote malicious web server to create an arbitrary HTML file that executes an RM file via \"default settings of earlier Internet Explorer browsers\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-28T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/help/faq/security/050623_player/EN/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne Player v1 and v2 allows remote malicious web server to create an arbitrary HTML file that executes an RM file via \"default settings of earlier Internet Explorer browsers\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://service.real.com/help/faq/security/050623_player/EN/",
"refsource": "CONFIRM",
"url": "http://service.real.com/help/faq/security/050623_player/EN/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2055",
"datePublished": "2005-06-28T04:00:00Z",
"dateReserved": "2005-06-28T04:00:00Z",
"dateUpdated": "2024-09-17T02:15:53.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1321 (GCVE-0-2002-1321)
Vulnerability from cvelistv5
Published
2002-11-27 05:00
Modified
2024-08-08 03:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via (1) a Synchronized Multimedia Integration Language (SMIL) file with a long parameter, (2) a long long filename in a rtsp:// request, e.g. from a .m3u file, or (3) certain "Now Playing" options on a downloaded file with a long filename.
References
| ▼ | URL | Tags |
|---|---|---|
| http://service.real.com/help/faq/security/bufferoverrun_player.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/6229 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=103808645120764&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/6227 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/10677 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:19:28.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/help/faq/security/bufferoverrun_player.html"
},
{
"name": "6229",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6229"
},
{
"name": "20021122 Mulitple Buffer Overflow conditions in RealPlayer/RealOne (#NISR22112002)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103808645120764\u0026w=2"
},
{
"name": "6227",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6227"
},
{
"name": "realplayer-rtsp-filename-bo(10677)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10677"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-11-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via (1) a Synchronized Multimedia Integration Language (SMIL) file with a long parameter, (2) a long long filename in a rtsp:// request, e.g. from a .m3u file, or (3) certain \"Now Playing\" options on a downloaded file with a long filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/help/faq/security/bufferoverrun_player.html"
},
{
"name": "6229",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6229"
},
{
"name": "20021122 Mulitple Buffer Overflow conditions in RealPlayer/RealOne (#NISR22112002)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103808645120764\u0026w=2"
},
{
"name": "6227",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6227"
},
{
"name": "realplayer-rtsp-filename-bo(10677)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10677"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via (1) a Synchronized Multimedia Integration Language (SMIL) file with a long parameter, (2) a long long filename in a rtsp:// request, e.g. from a .m3u file, or (3) certain \"Now Playing\" options on a downloaded file with a long filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://service.real.com/help/faq/security/bufferoverrun_player.html",
"refsource": "CONFIRM",
"url": "http://service.real.com/help/faq/security/bufferoverrun_player.html"
},
{
"name": "6229",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6229"
},
{
"name": "20021122 Mulitple Buffer Overflow conditions in RealPlayer/RealOne (#NISR22112002)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=103808645120764\u0026w=2"
},
{
"name": "6227",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6227"
},
{
"name": "realplayer-rtsp-filename-bo(10677)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10677"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1321",
"datePublished": "2002-11-27T05:00:00",
"dateReserved": "2002-11-26T00:00:00",
"dateUpdated": "2024-08-08T03:19:28.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0755 (GCVE-0-2005-0755)
Vulnerability from cvelistv5
Published
2005-04-21 04:00
Modified
2024-08-07 21:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player before 10.0.4, and RealOne Player v1 and v2 allows remote attackers to execute arbitrary code via a long hostname in a RAM file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.redhat.com/support/errata/RHSA-2005-392.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.redhat.com/support/errata/RHSA-2005-363.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.redhat.com/archives/fedora-announce-list/2005-April/msg00040.html | vendor-advisory, x_refsource_FEDORA | |
| http://marc.info/?l=bugtraq&m=111401615202987&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://service.real.com/help/faq/security/050419_player/EN/ | x_refsource_CONFIRM | |
| http://www.redhat.com/support/errata/RHSA-2005-394.html | vendor-advisory, x_refsource_REDHAT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11205 | vdb-entry, signature, x_refsource_OVAL | |
| http://pb.specialised.info/all/adv/real-ram-adv.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:28:27.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2005:392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-392.html"
},
{
"name": "RHSA-2005:363",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-363.html"
},
{
"name": "FEDORA-2005-329",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-April/msg00040.html"
},
{
"name": "20050420 RealNetworks RealPlayer/RealOne Player/Helix Player Remote Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111401615202987\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/help/faq/security/050419_player/EN/"
},
{
"name": "RHSA-2005:394",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-394.html"
},
{
"name": "oval:org.mitre.oval:def:11205",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pb.specialised.info/all/adv/real-ram-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player before 10.0.4, and RealOne Player v1 and v2 allows remote attackers to execute arbitrary code via a long hostname in a RAM file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2005:392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-392.html"
},
{
"name": "RHSA-2005:363",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-363.html"
},
{
"name": "FEDORA-2005-329",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-April/msg00040.html"
},
{
"name": "20050420 RealNetworks RealPlayer/RealOne Player/Helix Player Remote Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111401615202987\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/help/faq/security/050419_player/EN/"
},
{
"name": "RHSA-2005:394",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-394.html"
},
{
"name": "oval:org.mitre.oval:def:11205",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pb.specialised.info/all/adv/real-ram-adv.txt"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-0755",
"datePublished": "2005-04-21T04:00:00",
"dateReserved": "2005-03-17T00:00:00",
"dateUpdated": "2024-08-07T21:28:27.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1014 (GCVE-0-2002-1014)
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 03:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary code via an RFS skin file whose skin.ini contains a long value in a CONTROLnImage argument, such as CONTROL1Image.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/5217 | vdb-entry, x_refsource_BID | |
| http://www.iss.net/security_center/static/9538.php | vdb-entry, x_refsource_XF | |
| http://www.kb.cert.org/vuls/id/843667 | third-party-advisory, x_refsource_CERT-VN | |
| http://service.real.com/help/faq/security/bufferoverrun07092002.html | x_refsource_CONFIRM | |
| http://archives.neohapsis.com/archives/bugtraq/2002-07/0127.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:16.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5217",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5217"
},
{
"name": "realplayer-rjs-controlnimage-bo(9538)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9538.php"
},
{
"name": "VU#843667",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/843667"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/help/faq/security/bufferoverrun07092002.html"
},
{
"name": "20020712 [SPSadvisory#48]RealONE Player Gold / RealJukebox2 Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0127.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-07-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary code via an RFS skin file whose skin.ini contains a long value in a CONTROLnImage argument, such as CONTROL1Image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-09-10T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5217",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5217"
},
{
"name": "realplayer-rjs-controlnimage-bo(9538)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9538.php"
},
{
"name": "VU#843667",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/843667"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/help/faq/security/bufferoverrun07092002.html"
},
{
"name": "20020712 [SPSadvisory#48]RealONE Player Gold / RealJukebox2 Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0127.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary code via an RFS skin file whose skin.ini contains a long value in a CONTROLnImage argument, such as CONTROL1Image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5217"
},
{
"name": "realplayer-rjs-controlnimage-bo(9538)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9538.php"
},
{
"name": "VU#843667",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/843667"
},
{
"name": "http://service.real.com/help/faq/security/bufferoverrun07092002.html",
"refsource": "CONFIRM",
"url": "http://service.real.com/help/faq/security/bufferoverrun07092002.html"
},
{
"name": "20020712 [SPSadvisory#48]RealONE Player Gold / RealJukebox2 Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0127.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1014",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-08-27T00:00:00",
"dateUpdated": "2024-08-08T03:12:16.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0273 (GCVE-0-2004-0273)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 00:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/514734 | third-party-advisory, x_refsource_CERT-VN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15123 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=107642978524321&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/9580 | vdb-entry, x_refsource_BID | |
| http://service.real.com/help/faq/security/040123_player/EN/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#514734",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/514734"
},
{
"name": "realoneplayer-rmp-directory-traversal(15123)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15123"
},
{
"name": "20040210 Directory traversal in RealPlayer allows code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107642978524321\u0026w=2"
},
{
"name": "9580",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9580"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/help/faq/security/040123_player/EN/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#514734",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/514734"
},
{
"name": "realoneplayer-rmp-directory-traversal(15123)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15123"
},
{
"name": "20040210 Directory traversal in RealPlayer allows code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107642978524321\u0026w=2"
},
{
"name": "9580",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9580"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/help/faq/security/040123_player/EN/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#514734",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/514734"
},
{
"name": "realoneplayer-rmp-directory-traversal(15123)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15123"
},
{
"name": "20040210 Directory traversal in RealPlayer allows code execution",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107642978524321\u0026w=2"
},
{
"name": "9580",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9580"
},
{
"name": "http://service.real.com/help/faq/security/040123_player/EN/",
"refsource": "CONFIRM",
"url": "http://service.real.com/help/faq/security/040123_player/EN/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0273",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2004-03-17T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1015 (GCVE-0-2002-1015)
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 03:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/888547 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/bid/5210 | vdb-entry, x_refsource_BID | |
| http://www.iss.net/security_center/static/9539.php | vdb-entry, x_refsource_XF | |
| http://service.real.com/help/faq/security/bufferoverrun07092002.html | x_refsource_CONFIRM | |
| http://archives.neohapsis.com/archives/bugtraq/2002-07/0130.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:16.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#888547",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/888547"
},
{
"name": "5210",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5210"
},
{
"name": "realplayer-rjs-file-download(9539)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9539.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/help/faq/security/bufferoverrun07092002.html"
},
{
"name": "20020712 [SPSadvisory#47]RealONE Player Gold / RealJukebox2 skin file download vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0130.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-07-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-09-10T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#888547",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/888547"
},
{
"name": "5210",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5210"
},
{
"name": "realplayer-rjs-file-download(9539)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9539.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/help/faq/security/bufferoverrun07092002.html"
},
{
"name": "20020712 [SPSadvisory#47]RealONE Player Gold / RealJukebox2 skin file download vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0130.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#888547",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/888547"
},
{
"name": "5210",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5210"
},
{
"name": "realplayer-rjs-file-download(9539)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9539.php"
},
{
"name": "http://service.real.com/help/faq/security/bufferoverrun07092002.html",
"refsource": "CONFIRM",
"url": "http://service.real.com/help/faq/security/bufferoverrun07092002.html"
},
{
"name": "20020712 [SPSadvisory#47]RealONE Player Gold / RealJukebox2 skin file download vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0130.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1015",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-08-27T00:00:00",
"dateUpdated": "2024-08-08T03:12:16.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0141 (GCVE-0-2003-0141)
Vulnerability from cvelistv5
Published
2003-03-29 05:00
Modified
2024-08-08 01:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0156.html | mailing-list, x_refsource_VULNWATCH | |
| http://www.securityfocus.com/bid/7177 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=104887465427579&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.coresecurity.com/common/showdoc.php?idx=311&idxseccion=10 | x_refsource_MISC | |
| http://www.kb.cert.org/vuls/id/705761 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:35.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0156.html"
},
{
"name": "7177",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7177"
},
{
"name": "20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104887465427579\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/common/showdoc.php?idx=311\u0026idxseccion=10"
},
{
"name": "VU#705761",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/705761"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0156.html"
},
{
"name": "7177",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7177"
},
{
"name": "20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104887465427579\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/common/showdoc.php?idx=311\u0026idxseccion=10"
},
{
"name": "VU#705761",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/705761"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0156.html"
},
{
"name": "7177",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7177"
},
{
"name": "20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104887465427579\u0026w=2"
},
{
"name": "http://www.coresecurity.com/common/showdoc.php?idx=311\u0026idxseccion=10",
"refsource": "MISC",
"url": "http://www.coresecurity.com/common/showdoc.php?idx=311\u0026idxseccion=10"
},
{
"name": "VU#705761",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/705761"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0141",
"datePublished": "2003-03-29T05:00:00",
"dateReserved": "2003-03-13T00:00:00",
"dateUpdated": "2024-08-08T01:43:35.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2263 (GCVE-0-2007-2263)
Vulnerability from cvelistv5
Published
2007-10-31 17:00
Modified
2024-08-07 13:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF (Flash) file with malformed record headers.
References
| ▼ | URL | Tags |
|---|---|---|
| http://service.real.com/realplayer/security/10252007_player/en/ | x_refsource_CONFIRM | |
| http://www.zerodayinitiative.com/advisories/ZDI-07-061.html | x_refsource_MISC | |
| http://osvdb.org/38344 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/37436 | vdb-entry, x_refsource_XF | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11432 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.securityfocus.com/archive/1/483110/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id?1018866 | vdb-entry, x_refsource_SECTRACK | |
| http://www.attrition.org/pipermail/vim/2007-October/001841.html | mailing-list, x_refsource_VIM | |
| http://www.vupen.com/english/advisories/2007/3628 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/26284 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/27361 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/26214 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:33:28.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/realplayer/security/10252007_player/en/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-061.html"
},
{
"name": "38344",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38344"
},
{
"name": "realplayer-swf-bo(37436)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37436"
},
{
"name": "oval:org.mitre.oval:def:11432",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11432"
},
{
"name": "20071031 ZDI-07-061: RealNetworks RealPlayer SWF Processing Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/483110/100/0/threaded"
},
{
"name": "1018866",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018866"
},
{
"name": "20071030 RealPlayer Updates of October 25, 2007",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
},
{
"name": "ADV-2007-3628",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3628"
},
{
"name": "26284",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26284"
},
{
"name": "27361",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27361"
},
{
"name": "26214",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26214"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF (Flash) file with malformed record headers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/realplayer/security/10252007_player/en/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-061.html"
},
{
"name": "38344",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38344"
},
{
"name": "realplayer-swf-bo(37436)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37436"
},
{
"name": "oval:org.mitre.oval:def:11432",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11432"
},
{
"name": "20071031 ZDI-07-061: RealNetworks RealPlayer SWF Processing Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/483110/100/0/threaded"
},
{
"name": "1018866",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018866"
},
{
"name": "20071030 RealPlayer Updates of October 25, 2007",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
},
{
"name": "ADV-2007-3628",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3628"
},
{
"name": "26284",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26284"
},
{
"name": "27361",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27361"
},
{
"name": "26214",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26214"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF (Flash) file with malformed record headers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://service.real.com/realplayer/security/10252007_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/10252007_player/en/"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-061.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-061.html"
},
{
"name": "38344",
"refsource": "OSVDB",
"url": "http://osvdb.org/38344"
},
{
"name": "realplayer-swf-bo(37436)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37436"
},
{
"name": "oval:org.mitre.oval:def:11432",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11432"
},
{
"name": "20071031 ZDI-07-061: RealNetworks RealPlayer SWF Processing Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483110/100/0/threaded"
},
{
"name": "1018866",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018866"
},
{
"name": "20071030 RealPlayer Updates of October 25, 2007",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
},
{
"name": "ADV-2007-3628",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3628"
},
{
"name": "26284",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26284"
},
{
"name": "27361",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27361"
},
{
"name": "26214",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26214"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2263",
"datePublished": "2007-10-31T17:00:00",
"dateReserved": "2007-04-25T00:00:00",
"dateUpdated": "2024-08-07T13:33:28.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0207 (GCVE-0-2002-0207)
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 02:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbitrary code via a header length value that exceeds the actual length of the header.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/3809 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0044.html | mailing-list, x_refsource_VULN-DEV | |
| http://online.securityfocus.com/archive/1/252414 | mailing-list, x_refsource_BUGTRAQ | |
| http://online.securityfocus.com/archive/1/252425 | mailing-list, x_refsource_BUGTRAQ | |
| http://sentinelchicken.com/advisories/realplayer/ | x_refsource_MISC | |
| http://www.iss.net/security_center/static/7839.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:42:28.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3809",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3809"
},
{
"name": "20020105 RealPlayer Buffer Problem",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0044.html"
},
{
"name": "20020124 Potential RealPlayer 8 Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/252414"
},
{
"name": "20020124 RealPlayer Buffer Overflow [Sentinel Chicken Networks Security Advisory #01]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/252425"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sentinelchicken.com/advisories/realplayer/"
},
{
"name": "realplayer-file-header-bo(7839)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/7839.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbitrary code via a header length value that exceeds the actual length of the header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-05-09T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3809",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3809"
},
{
"name": "20020105 RealPlayer Buffer Problem",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV"
],
"url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0044.html"
},
{
"name": "20020124 Potential RealPlayer 8 Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/252414"
},
{
"name": "20020124 RealPlayer Buffer Overflow [Sentinel Chicken Networks Security Advisory #01]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/252425"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sentinelchicken.com/advisories/realplayer/"
},
{
"name": "realplayer-file-header-bo(7839)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/7839.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbitrary code via a header length value that exceeds the actual length of the header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3809",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3809"
},
{
"name": "20020105 RealPlayer Buffer Problem",
"refsource": "VULN-DEV",
"url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0044.html"
},
{
"name": "20020124 Potential RealPlayer 8 Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/252414"
},
{
"name": "20020124 RealPlayer Buffer Overflow [Sentinel Chicken Networks Security Advisory #01]",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/252425"
},
{
"name": "http://sentinelchicken.com/advisories/realplayer/",
"refsource": "MISC",
"url": "http://sentinelchicken.com/advisories/realplayer/"
},
{
"name": "realplayer-file-header-bo(7839)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7839.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0207",
"datePublished": "2002-06-25T04:00:00",
"dateReserved": "2002-05-01T00:00:00",
"dateUpdated": "2024-08-08T02:42:28.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5080 (GCVE-0-2007-5080)
Vulnerability from cvelistv5
Published
2007-10-31 17:00
Modified
2024-08-07 15:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| http://service.real.com/realplayer/security/10252007_player/en/ | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/37434 | vdb-entry, x_refsource_XF | |
| http://www.securitytracker.com/id?1018866 | vdb-entry, x_refsource_SECTRACK | |
| http://www.attrition.org/pipermail/vim/2007-October/001841.html | mailing-list, x_refsource_VIM | |
| http://www.vupen.com/english/advisories/2007/3628 | vdb-entry, x_refsource_VUPEN | |
| http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-real-player-id3-tags/ | x_refsource_MISC | |
| http://www.kb.cert.org/vuls/id/759385 | third-party-advisory, x_refsource_CERT-VN | |
| http://secunia.com/advisories/27361 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/26214 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:17:28.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/realplayer/security/10252007_player/en/"
},
{
"name": "realplayer-mp3-bo(37434)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37434"
},
{
"name": "1018866",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018866"
},
{
"name": "20071030 RealPlayer Updates of October 25, 2007",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
},
{
"name": "ADV-2007-3628",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3628"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-real-player-id3-tags/"
},
{
"name": "VU#759385",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/759385"
},
{
"name": "27361",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27361"
},
{
"name": "26214",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26214"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/realplayer/security/10252007_player/en/"
},
{
"name": "realplayer-mp3-bo(37434)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37434"
},
{
"name": "1018866",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018866"
},
{
"name": "20071030 RealPlayer Updates of October 25, 2007",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
},
{
"name": "ADV-2007-3628",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3628"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-real-player-id3-tags/"
},
{
"name": "VU#759385",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/759385"
},
{
"name": "27361",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27361"
},
{
"name": "26214",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26214"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://service.real.com/realplayer/security/10252007_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/10252007_player/en/"
},
{
"name": "realplayer-mp3-bo(37434)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37434"
},
{
"name": "1018866",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018866"
},
{
"name": "20071030 RealPlayer Updates of October 25, 2007",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
},
{
"name": "ADV-2007-3628",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3628"
},
{
"name": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-real-player-id3-tags/",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-real-player-id3-tags/"
},
{
"name": "VU#759385",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/759385"
},
{
"name": "27361",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27361"
},
{
"name": "26214",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26214"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5080",
"datePublished": "2007-10-31T17:00:00",
"dateReserved": "2007-09-24T00:00:00",
"dateUpdated": "2024-08-07T15:17:28.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2629 (GCVE-0-2005-2629)
Vulnerability from cvelistv5
Published
2005-11-18 23:00
Modified
2024-08-07 22:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player 1 and 2, and Helix Player 10.0.0 allows remote attackers to execute arbitrary code via an .rm movie file with a large value in the length field of the first data packet, which leads to a stack-based buffer overflow, a different vulnerability than CVE-2004-1481.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:30:01.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "169",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/169"
},
{
"name": "1015186",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015186"
},
{
"name": "AD20051110a",
"tags": [
"third-party-advisory",
"x_refsource_EEYE",
"x_transferred"
],
"url": "http://www.eeye.com/html/research/advisories/AD20051110a.html"
},
{
"name": "1015184",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015184"
},
{
"name": "17559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17559"
},
{
"name": "EEYEB20050510",
"tags": [
"third-party-advisory",
"x_refsource_EEYE",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113166476423021\u0026w=2"
},
{
"name": "17514",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17514/"
},
{
"name": "15381",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15381/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/help/faq/security/051110_player/EN/"
},
{
"name": "DSA-915",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-915"
},
{
"name": "oval:org.mitre.oval:def:9550",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9550"
},
{
"name": "17860",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17860"
},
{
"name": "1015185",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015185"
},
{
"name": "realplayer-rm-datapacket-bo(23024)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player 1 and 2, and Helix Player 10.0.0 allows remote attackers to execute arbitrary code via an .rm movie file with a large value in the length field of the first data packet, which leads to a stack-based buffer overflow, a different vulnerability than CVE-2004-1481."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "169",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/169"
},
{
"name": "1015186",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015186"
},
{
"name": "AD20051110a",
"tags": [
"third-party-advisory",
"x_refsource_EEYE"
],
"url": "http://www.eeye.com/html/research/advisories/AD20051110a.html"
},
{
"name": "1015184",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015184"
},
{
"name": "17559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17559"
},
{
"name": "EEYEB20050510",
"tags": [
"third-party-advisory",
"x_refsource_EEYE"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113166476423021\u0026w=2"
},
{
"name": "17514",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17514/"
},
{
"name": "15381",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15381/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/help/faq/security/051110_player/EN/"
},
{
"name": "DSA-915",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-915"
},
{
"name": "oval:org.mitre.oval:def:9550",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9550"
},
{
"name": "17860",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17860"
},
{
"name": "1015185",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015185"
},
{
"name": "realplayer-rm-datapacket-bo(23024)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23024"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player 1 and 2, and Helix Player 10.0.0 allows remote attackers to execute arbitrary code via an .rm movie file with a large value in the length field of the first data packet, which leads to a stack-based buffer overflow, a different vulnerability than CVE-2004-1481."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "169",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/169"
},
{
"name": "1015186",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015186"
},
{
"name": "AD20051110a",
"refsource": "EEYE",
"url": "http://www.eeye.com/html/research/advisories/AD20051110a.html"
},
{
"name": "1015184",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015184"
},
{
"name": "17559",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17559"
},
{
"name": "EEYEB20050510",
"refsource": "EEYE",
"url": "http://marc.info/?l=bugtraq\u0026m=113166476423021\u0026w=2"
},
{
"name": "17514",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17514/"
},
{
"name": "15381",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15381/"
},
{
"name": "http://service.real.com/help/faq/security/051110_player/EN/",
"refsource": "CONFIRM",
"url": "http://service.real.com/help/faq/security/051110_player/EN/"
},
{
"name": "DSA-915",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-915"
},
{
"name": "oval:org.mitre.oval:def:9550",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9550"
},
{
"name": "17860",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17860"
},
{
"name": "1015185",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015185"
},
{
"name": "realplayer-rm-datapacket-bo(23024)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23024"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2629",
"datePublished": "2005-11-18T23:00:00",
"dateReserved": "2005-08-19T00:00:00",
"dateUpdated": "2024-08-07T22:30:01.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0258 (GCVE-0-2004-0258)
Vulnerability from cvelistv5
Published
2004-03-18 05:00
Modified
2024-08-08 00:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.nextgenss.com/advisories/realone.txt | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15040 | vdb-entry, x_refsource_XF | |
| http://www.ciac.org/ciac/bulletins/o-075.shtml | third-party-advisory, government-resource, x_refsource_CIAC | |
| http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0027.html | mailing-list, x_refsource_VULNWATCH | |
| http://www.kb.cert.org/vuls/id/473814 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.service.real.com/help/faq/security/040123_player/EN/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/9579 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=107608748813559&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nextgenss.com/advisories/realone.txt"
},
{
"name": "realoneplayer-multiple-file-bo(15040)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15040"
},
{
"name": "O-075",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/o-075.shtml"
},
{
"name": "20040204 [VulnWatch] Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0027.html"
},
{
"name": "VU#473814",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/473814"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.service.real.com/help/faq/security/040123_player/EN/"
},
{
"name": "9579",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9579"
},
{
"name": "20040204 Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107608748813559\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nextgenss.com/advisories/realone.txt"
},
{
"name": "realoneplayer-multiple-file-bo(15040)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15040"
},
{
"name": "O-075",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/o-075.shtml"
},
{
"name": "20040204 [VulnWatch] Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0027.html"
},
{
"name": "VU#473814",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/473814"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.service.real.com/help/faq/security/040123_player/EN/"
},
{
"name": "9579",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9579"
},
{
"name": "20040204 Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107608748813559\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.nextgenss.com/advisories/realone.txt",
"refsource": "MISC",
"url": "http://www.nextgenss.com/advisories/realone.txt"
},
{
"name": "realoneplayer-multiple-file-bo(15040)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15040"
},
{
"name": "O-075",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-075.shtml"
},
{
"name": "20040204 [VulnWatch] Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0027.html"
},
{
"name": "VU#473814",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/473814"
},
{
"name": "http://www.service.real.com/help/faq/security/040123_player/EN/",
"refsource": "CONFIRM",
"url": "http://www.service.real.com/help/faq/security/040123_player/EN/"
},
{
"name": "9579",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9579"
},
{
"name": "20040204 Multiple File Format Vulnerabilities (Overruns) in REALOne \u0026 RealPlayer",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107608748813559\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0258",
"datePublished": "2004-03-18T05:00:00",
"dateReserved": "2004-03-17T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2922 (GCVE-0-2005-2922)
Vulnerability from cvelistv5
Published
2006-03-23 23:00
Modified
2024-08-07 22:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:29.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.service.real.com/realplayer/security/03162006_player/en/"
},
{
"name": "19358",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19358"
},
{
"name": "oval:org.mitre.oval:def:11444",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11444"
},
{
"name": "SUSE-SA:2006:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_18_realplayer.html"
},
{
"name": "ADV-2006-1057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1057"
},
{
"name": "1015808",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015808"
},
{
"name": "RHSA-2005:788",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-788.html"
},
{
"name": "realnetworks-chunked-transferencoding-bo(25409)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25409"
},
{
"name": "19365",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19365"
},
{
"name": "17202",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17202"
},
{
"name": "VU#172489",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/172489"
},
{
"name": "RHSA-2005:762",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-762.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.service.real.com/realplayer/security/03162006_player/en/"
},
{
"name": "19358",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19358"
},
{
"name": "oval:org.mitre.oval:def:11444",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11444"
},
{
"name": "SUSE-SA:2006:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_18_realplayer.html"
},
{
"name": "ADV-2006-1057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1057"
},
{
"name": "1015808",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015808"
},
{
"name": "RHSA-2005:788",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-788.html"
},
{
"name": "realnetworks-chunked-transferencoding-bo(25409)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25409"
},
{
"name": "19365",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19365"
},
{
"name": "17202",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17202"
},
{
"name": "VU#172489",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/172489"
},
{
"name": "RHSA-2005:762",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-762.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.service.real.com/realplayer/security/03162006_player/en/",
"refsource": "CONFIRM",
"url": "http://www.service.real.com/realplayer/security/03162006_player/en/"
},
{
"name": "19358",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19358"
},
{
"name": "oval:org.mitre.oval:def:11444",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11444"
},
{
"name": "SUSE-SA:2006:018",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_18_realplayer.html"
},
{
"name": "ADV-2006-1057",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1057"
},
{
"name": "1015808",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015808"
},
{
"name": "RHSA-2005:788",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-788.html"
},
{
"name": "realnetworks-chunked-transferencoding-bo(25409)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25409"
},
{
"name": "19365",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19365"
},
{
"name": "17202",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17202"
},
{
"name": "VU#172489",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/172489"
},
{
"name": "RHSA-2005:762",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-762.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2922",
"datePublished": "2006-03-23T23:00:00",
"dateReserved": "2005-09-15T00:00:00",
"dateUpdated": "2024-08-07T22:53:29.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2264 (GCVE-0-2007-2264)
Vulnerability from cvelistv5
Published
2007-10-31 17:00
Modified
2024-08-07 13:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA header.
References
| ▼ | URL | Tags |
|---|---|---|
| http://service.real.com/realplayer/security/10252007_player/en/ | x_refsource_CONFIRM | |
| http://www.zerodayinitiative.com/advisories/ZDI-07-063.html | x_refsource_MISC | |
| http://securitytracker.com/id?1018866 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/37437 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/483113/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.attrition.org/pipermail/vim/2007-October/001841.html | mailing-list, x_refsource_VIM | |
| http://www.vupen.com/english/advisories/2007/3628 | vdb-entry, x_refsource_VUPEN | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9100 | vdb-entry, signature, x_refsource_OVAL | |
| http://secunia.com/advisories/27361 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/26214 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:33:28.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/realplayer/security/10252007_player/en/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-063.html"
},
{
"name": "1018866",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018866"
},
{
"name": "realplayer-ram-bo(37437)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37437"
},
{
"name": "20071031 ZDI-07-063: RealPlayer RA Field Size File Processing Heap Oveflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/483113/100/0/threaded"
},
{
"name": "20071030 RealPlayer Updates of October 25, 2007",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
},
{
"name": "ADV-2007-3628",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3628"
},
{
"name": "oval:org.mitre.oval:def:9100",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9100"
},
{
"name": "27361",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27361"
},
{
"name": "26214",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26214"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/realplayer/security/10252007_player/en/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-063.html"
},
{
"name": "1018866",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018866"
},
{
"name": "realplayer-ram-bo(37437)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37437"
},
{
"name": "20071031 ZDI-07-063: RealPlayer RA Field Size File Processing Heap Oveflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/483113/100/0/threaded"
},
{
"name": "20071030 RealPlayer Updates of October 25, 2007",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
},
{
"name": "ADV-2007-3628",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3628"
},
{
"name": "oval:org.mitre.oval:def:9100",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9100"
},
{
"name": "27361",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27361"
},
{
"name": "26214",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26214"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://service.real.com/realplayer/security/10252007_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/10252007_player/en/"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-063.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-063.html"
},
{
"name": "1018866",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018866"
},
{
"name": "realplayer-ram-bo(37437)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37437"
},
{
"name": "20071031 ZDI-07-063: RealPlayer RA Field Size File Processing Heap Oveflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483113/100/0/threaded"
},
{
"name": "20071030 RealPlayer Updates of October 25, 2007",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
},
{
"name": "ADV-2007-3628",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3628"
},
{
"name": "oval:org.mitre.oval:def:9100",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9100"
},
{
"name": "27361",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27361"
},
{
"name": "26214",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26214"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2264",
"datePublished": "2007-10-31T17:00:00",
"dateReserved": "2007-04-25T00:00:00",
"dateUpdated": "2024-08-07T13:33:28.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1509 (GCVE-0-2003-1509)
Vulnerability from cvelistv5
Published
2007-10-25 19:00
Modified
2024-08-08 02:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser.
References
| ▼ | URL | Tags |
|---|---|---|
| http://service.real.com/help/faq/security/securityupdate_october2003.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/8839 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/13445 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:28:03.721Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/help/faq/security/securityupdate_october2003.html"
},
{
"name": "8839",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8839"
},
{
"name": "realoneplayer-temporary-script-execution(13445)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13445"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/help/faq/security/securityupdate_october2003.html"
},
{
"name": "8839",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8839"
},
{
"name": "realoneplayer-temporary-script-execution(13445)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13445"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://service.real.com/help/faq/security/securityupdate_october2003.html",
"refsource": "CONFIRM",
"url": "http://service.real.com/help/faq/security/securityupdate_october2003.html"
},
{
"name": "8839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8839"
},
{
"name": "realoneplayer-temporary-script-execution(13445)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13445"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1509",
"datePublished": "2007-10-25T19:00:00",
"dateReserved": "2007-10-25T00:00:00",
"dateUpdated": "2024-08-08T02:28:03.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1416 (GCVE-0-2004-1416)
Vulnerability from cvelistv5
Published
2005-02-12 05:00
Modified
2024-08-08 00:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as used in Internet Explorer, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embed tag.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/12660 | vdb-entry, x_refsource_OSVDB | |
| http://marc.info/?l=bugtraq&m=110374765215675&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:23.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "12660",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/12660"
},
{
"name": "20041222 Realone2.0 \"pnxr3260.dll\" Lets Remote Users IE Browser Crash",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110374765215675\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as used in Internet Explorer, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embed tag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "12660",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/12660"
},
{
"name": "20041222 Realone2.0 \"pnxr3260.dll\" Lets Remote Users IE Browser Crash",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110374765215675\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as used in Internet Explorer, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embed tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12660",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/12660"
},
{
"name": "20041222 Realone2.0 \"pnxr3260.dll\" Lets Remote Users IE Browser Crash",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110374765215675\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1416",
"datePublished": "2005-02-12T05:00:00",
"dateReserved": "2005-02-12T00:00:00",
"dateUpdated": "2024-08-08T00:53:23.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:helix_player:10.0:*:linux:*:*:*:*:*",
"matchCriteriaId": "E971D8BF-C1B8-4489-9824-D7F1ACBA8DFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_player:10.0.1:*:linux:*:*:*:*:*",
"matchCriteriaId": "42C40382-8A43-47BC-B112-1FF87D513F8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_player:10.0.2:*:linux:*:*:*:*:*",
"matchCriteriaId": "41015020-77F1-4604-8F90-1D3398ABF96A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_player:10.0.3:*:linux:*:*:*:*:*",
"matchCriteriaId": "8F09FC85-710E-4B98-BB7B-D388F3EB58DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_player:10.0.4:*:linux:*:*:*:*:*",
"matchCriteriaId": "0CCEE460-284C-408D-A4FB-A49622004E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_player:10.0.5:*:linux:*:*:*:*:*",
"matchCriteriaId": "82258764-D89B-482B-BB7E-31D86BD6C586",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_player:10.0.6:*:linux:*:*:*:*:*",
"matchCriteriaId": "7621E796-2AF1-447B-B350-74841A85855E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5695A49-561F-434E-92AE-AEF13162BD78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:0.288:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "FA36B216-65D0-490C-8102-7D99D21417CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:0.297:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "CD6C057A-407C-4794-9250-80E07C8E09CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E940DAB-0CD5-4EC0-916F-6C0B2AE26D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:*:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "19BC5A59-BCBD-4859-8329-B4974D43DB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:win32:*:*:*:*:*",
"matchCriteriaId": "003D7E29-9970-4984-9756-C070E15B7979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0.0.305:*:mac_os:*:*:*:*:*",
"matchCriteriaId": "3ADE53B2-53D5-4E84-9CFF-9D7C12727115",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0.0.331:*:mac_os:*:*:*:*:*",
"matchCriteriaId": "EB4B64DF-7D14-460C-AE2D-02C67575CC9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0.1:*:linux:*:*:*:*:*",
"matchCriteriaId": "382E5B10-AE07-4325-BEE7-7B0432CDF845",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0.2:*:linux:*:*:*:*:*",
"matchCriteriaId": "96897C76-EB4F-49A7-997E-C735CDD2B83A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0.3:*:linux:*:*:*:*:*",
"matchCriteriaId": "10A106E1-78FE-4CA3-9B3B-956B88E758E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0.4:*:linux:*:*:*:*:*",
"matchCriteriaId": "7E2DC70C-42FF-493D-AA17-4BE1EA475839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0.5:*:linux:*:*:*:*:*",
"matchCriteriaId": "71ACF9F5-6779-41FD-9F96-4DD202035DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0.6:*:linux:*:*:*:*:*",
"matchCriteriaId": "F29F875A-883C-4C8D-BF8D-4A1D83286A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*",
"matchCriteriaId": "91278EFD-0285-4389-9C53-50FE225C3C19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1053:*:*:*:*:*:*:*",
"matchCriteriaId": "336246FA-A06F-4792-9923-E6948F3494FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1056:*:*:*:*:*:*:*",
"matchCriteriaId": "06C7BF07-8B9A-4BDF-BEA9-C55ABDEA8165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1059:*:*:*:*:*:*:*",
"matchCriteriaId": "CEC15988-96A0-4EBE-BF99-14D46F5A9553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1069:*:*:*:*:*:*:*",
"matchCriteriaId": "41F65BDA-393F-4274-B193-B578255DB013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1235:*:*:*:*:*:*:*",
"matchCriteriaId": "8D4CADDC-84D2-45D9-99BA-A662D7490154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:rhapsody:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2B8F89-AFE2-4029-A9D3-88C99EC4774C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:rhapsody:3.0_build_0.815:*:*:*:*:*:*:*",
"matchCriteriaId": "6BDA20ED-8151-44EC-AAFC-A273E918AE29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header."
}
],
"id": "CVE-2005-2922",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19358"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19365"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015808"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/172489"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2006_18_realplayer.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-762.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-788.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/17202"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.service.real.com/realplayer/security/03162006_player/en/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/1057"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25409"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015808"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/172489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2006_18_realplayer.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-762.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-788.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/17202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.service.real.com/realplayer/security/03162006_player/en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/1057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25409"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11444"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-01-10 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark Software Payroll 2004/2005 3.9.6 and earlier, (3) CheckMark MultiLedger before 7.0.2, (4) dtSearch 6.x and 7.x, (5) mcupdmgr.exe and mghtml.exe in McAfee VirusScan 10 Build 10.0.21 and earlier, (6) IBM Lotus Notes before 6.5.5, and other products. NOTE: it is unclear whether this is the same vulnerability as CVE-2004-0575, although the data manipulations are the same.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| checkmark | checkmark_payroll | * | |
| checkmark | checkmark_payroll | 3.7.5 | |
| checkmark | checkmark_payroll | 3.9.1 | |
| checkmark | checkmark_payroll | 3.9.2 | |
| checkmark | checkmark_payroll | 3.9.3 | |
| checkmark | checkmark_payroll | 3.9.4 | |
| checkmark | checkmark_payroll | 3.9.5 | |
| checkmark | multiledger | * | |
| checkmark | multiledger | 6.0.3 | |
| checkmark | multiledger | 6.0.5 | |
| checkmark | multiledger | 7.0.0 | |
| innermedia | dynazip_library | 5.00.00 | |
| innermedia | dynazip_library | 5.00.01 | |
| innermedia | dynazip_library | 5.00.02 | |
| innermedia | dynazip_library | 5.00.03 | |
| realnetworks | realone_player | 1.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0_6.0.12.690 | |
| realnetworks | realplayer | 10.0_beta | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer | 10.5_6.0.12.1016_beta | |
| realnetworks | realplayer | 10.5_6.0.12.1040 | |
| realnetworks | realplayer | 10.5_6.0.12.1053 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:checkmark:checkmark_payroll:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F03FD8A-3D6A-4AA4-AF44-C5E6D2EC4A0F",
"versionEndIncluding": "3.9.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmark:checkmark_payroll:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2F0F8527-D7CE-4365-845C-0D2E3ADB579D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmark:checkmark_payroll:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A12948D5-551C-4063-975C-176959B04C61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmark:checkmark_payroll:3.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F29C2D79-9B0B-4D1C-AFB3-FC624758C14D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmark:checkmark_payroll:3.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "541E43DF-2B83-472F-9A44-12E5AFFFE81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmark:checkmark_payroll:3.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "38169566-A98A-48B9-AF3F-7A3C3EF0206D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmark:checkmark_payroll:3.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4FC763-D8A3-4160-98F4-AE8D193E8B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmark:multiledger:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67ABAD27-9D35-486F-9C31-640F6D64CBEF",
"versionEndIncluding": "7.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmark:multiledger:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BE203C3A-3BC9-41F9-B53A-4734C43BE27F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmark:multiledger:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "153CA3EB-BC3D-43E7-821D-7E80BD132189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkmark:multiledger:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EDBAEBB4-C04A-4897-968C-AE31E05412F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:innermedia:dynazip_library:5.00.00:*:*:*:*:*:*:*",
"matchCriteriaId": "EB059902-0581-4887-B597-6CE72321B884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:innermedia:dynazip_library:5.00.01:*:*:*:*:*:*:*",
"matchCriteriaId": "917CCDEC-86E3-4F1D-A2EF-9F636029AC25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:innermedia:dynazip_library:5.00.02:*:*:*:*:*:*:*",
"matchCriteriaId": "36BFF270-B270-404C-8B6F-067B0626F2D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:innermedia:dynazip_library:5.00.03:*:*:*:*:*:*:*",
"matchCriteriaId": "7F86FBC0-8E5C-47AB-B8BC-09B39DC64420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E940DAB-0CD5-4EC0-916F-6C0B2AE26D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0_6.0.12.690:*:*:*:*:*:*:*",
"matchCriteriaId": "01513F87-049E-46A9-A573-A7AF27EB30C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "9FDC43D9-C93E-4FB4-B05B-9FB519B03DCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1016_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "169753E3-949F-4B7D-9955-A52240CB8E6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*",
"matchCriteriaId": "91278EFD-0285-4389-9C53-50FE225C3C19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1053:*:*:*:*:*:*:*",
"matchCriteriaId": "336246FA-A06F-4792-9923-E6948F3494FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark Software Payroll 2004/2005 3.9.6 and earlier, (3) CheckMark MultiLedger before 7.0.2, (4) dtSearch 6.x and 7.x, (5) mcupdmgr.exe and mghtml.exe in McAfee VirusScan 10 Build 10.0.21 and earlier, (6) IBM Lotus Notes before 6.5.5, and other products. NOTE: it is unclear whether this is the same vulnerability as CVE-2004-0575, although the data manipulations are the same."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el archivo InnerMedia DynaZip DUNZIP32.dll versi\u00f3n 5.00.03 y anteriores permite a atacantes ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero ZIP con un nombre de fichero largo, como se a demostrado usando (1) un fichero .rjs (piel) en RealPlayer 10 a 10.5 (6.0.12.1053) y RealOne Player 1 y 2, (2) la funci\u00f3n funci\u00f3n Restore Backup en CheckMark Software Payroll 2004/2005 3.9.6 y anteriores, (3) CheckMark MultiLedger anetrior a 7.0.2, (4) dtSearch 6.x y 7.x, (5) mcupdmgr.exe y mghtml.exe en McAfee VirusScan 10 construcci\u00f3n 10.0.21 y anteriores, y otros productos. NOTA: No est\u00e1 claro si esta es la misma vulnerabilidad que CVE-2004-0575, aunque la manipulaci\u00f3n de datos es la misma.\r\n"
}
],
"id": "CVE-2004-1094",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-10T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-10/1044.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109894226007607\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17096"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17394"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18194"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/19451"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/296"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/653"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1011944"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1012297"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016817"
},
{
"source": "cve@mitre.org",
"url": "http://service.real.com/help/faq/security/041026_player/EN/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/582498"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.networksecurity.fi/advisories/dtsearch.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.networksecurity.fi/advisories/lotus-notes.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.networksecurity.fi/advisories/mcafee-virusscan.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.networksecurity.fi/advisories/multiledger.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.networksecurity.fi/advisories/payroll.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/19906"
},
{
"source": "cve@mitre.org",
"url": "http://www.securiteam.com/windowsntfocus/6Z00W00EAM.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/420274/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/429361/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/445369/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11555"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2057"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1176"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17879"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-10/1044.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109894226007607\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19451"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1011944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1012297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016817"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://service.real.com/help/faq/security/041026_player/EN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/582498"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.networksecurity.fi/advisories/dtsearch.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.networksecurity.fi/advisories/lotus-notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.networksecurity.fi/advisories/mcafee-virusscan.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.networksecurity.fi/advisories/multiledger.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.networksecurity.fi/advisories/payroll.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/19906"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securiteam.com/windowsntfocus/6Z00W00EAM.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/420274/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/429361/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/445369/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11555"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22737"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a .rm movie file with a large length field for the data chunk, which leads to a heap-based buffer overflow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | helix_player | 1.0 | |
| realnetworks | realone_player | 1.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realone_player | 9.0.0.288 | |
| realnetworks | realone_player | 9.0.0.297 | |
| realnetworks | realplayer | - | |
| realnetworks | realplayer | 8.0 | |
| realnetworks | realplayer | 8.0 | |
| realnetworks | realplayer | 8.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0_6.0.12.690 | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer | 10.5_6.0.12.1016 | |
| realnetworks | realplayer | 10.5_6.0.12.1040 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:helix_player:1.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "F40AA63E-932B-45B4-BA21-F22AEF66D6DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E940DAB-0CD5-4EC0-916F-6C0B2AE26D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:9.0.0.288:*:*:*:*:macos:*:*",
"matchCriteriaId": "E6C291C3-9F2E-4197-91EB-C5D845E595D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:9.0.0.297:*:*:*:*:macos:*:*",
"matchCriteriaId": "D2866B30-6EF7-4941-8846-73F82A04D395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:-:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "16C148F6-427A-4D90-966E-9A6BECEAEF9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E6051B4-1B15-44C0-B2CD-5504E68C60F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "50511368-4765-489B-B2ED-8214887BCB37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:unix:*:*",
"matchCriteriaId": "28E2C43D-3BF4-44FA-A6D2-275BF5FB33DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "ADD8B4E8-7315-4FC4-A339-6D65CC32A5DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:de:*:*:*:*",
"matchCriteriaId": "EF2A171E-6E39-4FCC-88CC-655D18232FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:en:*:*:*:*",
"matchCriteriaId": "4EBB6E97-C8C0-49A7-BCDA-794C4986BAA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:ja:*:*:*:*",
"matchCriteriaId": "0C9031C2-95D1-46D0-965A-F4BAA76FB29F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "B4B6C4B6-9031-451B-B58B-45DA88173E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:beta:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "28D7D8D5-42BD-42E3-B193-CF18CD40991A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0_6.0.12.690:*:*:*:*:*:*:*",
"matchCriteriaId": "01513F87-049E-46A9-A573-A7AF27EB30C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1016:beta:*:*:*:*:*:*",
"matchCriteriaId": "A75F4FE1-F3DA-493F-87B5-E1D2410949A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*",
"matchCriteriaId": "91278EFD-0285-4389-9C53-50FE225C3C19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a .rm movie file with a large length field for the data chunk, which leads to a heap-based buffer overflow."
}
],
"id": "CVE-2004-1481",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=ntbugtraq\u0026m=109708374115061\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/12672"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/11309"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.service.real.com/help/faq/security/040928_player/EN/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=ntbugtraq\u0026m=109708374115061\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/12672"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/11309"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.service.real.com/help/faq/security/040928_player/EN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17549"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-11-23 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_desktop_manager | * | |
| realnetworks | realone_enterprise_desktop | 6.0.11.774 | |
| realnetworks | realone_player | 1.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realone_player | 6.0.11.818 | |
| realnetworks | realone_player | 6.0.11.830 | |
| realnetworks | realone_player | 6.0.11.841 | |
| realnetworks | realone_player | 6.0.11.853 | |
| realnetworks | realone_player | 6.0.11.868 | |
| realnetworks | realplayer | 8.0 | |
| realnetworks | realplayer | 8.0 | |
| realnetworks | realplayer | 8.0 | |
| realnetworks | realplayer | 10.0_beta |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_desktop_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9200BD8-6D2F-49D4-B85B-C17D2C0F400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*",
"matchCriteriaId": "27DDB6F2-9EAF-4A77-BB3B-D3989E1D9458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E940DAB-0CD5-4EC0-916F-6C0B2AE26D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:win:*:*:*:*:*",
"matchCriteriaId": "B49F1421-2C52-4B67-BE04-A62E553E1819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BB6A9-B0CE-4C04-8481-53B7CB195264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*",
"matchCriteriaId": "41688192-70B7-4C35-AE4F-FE116104137A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*",
"matchCriteriaId": "FA11D9CD-113B-4977-B150-D6500552222A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*",
"matchCriteriaId": "BF391DD1-2912-49BF-BC9F-B9FA3771737F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.868:*:*:*:*:*:*:*",
"matchCriteriaId": "3908DB26-D8C4-4368-A1B6-C067085CE4B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:mac_os:*:*:*:*:*",
"matchCriteriaId": "971CE8B9-8A57-4849-9461-E4E79D1AB6F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:unix:*:*:*:*:*",
"matchCriteriaId": "96180A27-295D-4C5E-9ED1-8D4F77C72183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:win32:*:*:*:*:*",
"matchCriteriaId": "003D7E29-9970-4984-9756-C070E15B7979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "9FDC43D9-C93E-4FB4-B05B-9FB519B03DCA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer en RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, y RealPlayer Enterprise permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante ficheros 1) .RP, (2) .RT, (3) .RAM, (4) .RPM o (5) .SMIL malformados."
}
],
"id": "CVE-2004-0258",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2004-11-23T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0027.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=107608748813559\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.ciac.org/ciac/bulletins/o-075.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/473814"
},
{
"source": "cve@mitre.org",
"url": "http://www.nextgenss.com/advisories/realone.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9579"
},
{
"source": "cve@mitre.org",
"url": "http://www.service.real.com/help/faq/security/040123_player/EN/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=107608748813559\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ciac.org/ciac/bulletins/o-075.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/473814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nextgenss.com/advisories/realone.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.service.real.com/help/faq/security/040123_player/EN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15040"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-11-18 06:03
Modified
2025-04-03 01:03
Severity ?
Summary
Unquoted Windows search path vulnerability in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, and RealPlayer 8 before 20060322 might allow local users to gain privileges via a malicious C:\program.exe file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_player | 1.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realplayer | 8.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.5_6.0.12.1040 | |
| realnetworks | realplayer | 10.5_6.0.12.1348 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E940DAB-0CD5-4EC0-916F-6C0B2AE26D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E6051B4-1B15-44C0-B2CD-5504E68C60F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*",
"matchCriteriaId": "91278EFD-0285-4389-9C53-50FE225C3C19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1348:*:*:*:*:*:*:*",
"matchCriteriaId": "BB407A17-771F-4F46-A5F9-2458358C47AA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unquoted Windows search path vulnerability in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, and RealPlayer 8 before 20060322 might allow local users to gain privileges via a malicious C:\\program.exe file."
}
],
"id": "CVE-2005-2936",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-11-18T06:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19358"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015223"
},
{
"source": "cve@mitre.org",
"url": "http://service.real.com/help/faq/security/security111605.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=340\u0026type=vulnerabilities"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15448"
},
{
"source": "cve@mitre.org",
"url": "http://www.service.real.com/realplayer/security/03162006_player/en/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/1057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://service.real.com/help/faq/security/security111605.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=340\u0026type=vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.service.real.com/realplayer/security/03162006_player/en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/1057"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-10-31 17:46
Modified
2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF (Flash) file with malformed record headers.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_player | * | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.1 | |
| realnetworks | realplayer | 10.1 | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer_enterprise | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:*:*:mac:en:*:*:*:*",
"matchCriteriaId": "E42CFE29-8AF0-4FAE-88FD-4E2D373FE16D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "72F332E7-13EA-447D-8116-7CD404120040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "15FABF57-B77B-49FF-BEAF-1E0D6BD4B66F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.0.305:mac:*:*:*:*:*",
"matchCriteriaId": "995983E3-6968-4071-A3E7-BC84800894C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.0.331:mac:*:*:*:*:*",
"matchCriteriaId": "1D5A55EF-BFC7-4703-B115-910DC8338733",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.0.352:mac:*:*:*:*:*",
"matchCriteriaId": "A4FE917E-31A3-4065-B723-FACECEB1BEB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.5:linux:*:*:*:*:*",
"matchCriteriaId": "28F3DFCA-C0E8-43FC-B313-7E21978AE481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.6:linux:*:*:*:*:*",
"matchCriteriaId": "2A874D31-8FDB-456C-ABF8-94F812DD1B67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.7:linux:*:*:*:*:*",
"matchCriteriaId": "CB81B184-CD30-42DD-8BA6-BED303BF6377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.8:linux:*:*:*:*:*",
"matchCriteriaId": "F62E12E0-D806-40F4-8779-18679572AD04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.9:linux:*:*:*:*:*",
"matchCriteriaId": "5567F40F-B04C-4866-A7B2-C796AAA0CE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.1:10.0.0.396:mac:*:*:*:*:*",
"matchCriteriaId": "84E4F874-E9A5-40F1-82CF-5C2E4749DF6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.1:10.0.0.412:mac:*:*:*:*:*",
"matchCriteriaId": "EBC0DDE6-356C-4EE7-83E1-7EF5A0C5A751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1040:windows:*:*:*:*:*",
"matchCriteriaId": "FB3CC6D6-334F-4F9C-8A5C-7EC3DCACEC50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1578:windows:*:*:*:*:*",
"matchCriteriaId": "414712E9-6901-4D33-B970-36CC238D4257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1698:windows:*:*:*:*:*",
"matchCriteriaId": "35AAD3FF-B70E-46CB-A3C1-34B2412EE6EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1741:windows:*:*:*:*:*",
"matchCriteriaId": "FA78969A-CBAE-4B67-96E7-F7EC9FD78E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:windows:en:*:*:*:*",
"matchCriteriaId": "B9BA3DF0-9785-4F70-A9A3-38F657B52AA7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF (Flash) file with malformed record headers."
},
{
"lang": "es",
"value": "Un Desbordamiento de b\u00fafer en la regi\u00f3n Heap de la memoria en RealNetworks RealPlayer las versiones 10.0, 10.1 y posiblemente 10.5, RealOne Player y RealPlayer Enterprise permiten que los atacantes remotos ejecuten c\u00f3digo arbitrario por medio de un archivo SWF (Flash) con encabezados de registro mal formados."
}
],
"id": "CVE-2007-2263",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-10-31T17:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/38344"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27361"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://service.real.com/realplayer/security/10252007_player/en/"
},
{
"source": "cve@mitre.org",
"url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/483110/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/26214"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26284"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018866"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/3628"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-061.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37436"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/38344"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://service.real.com/realplayer/security/10252007_player/en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/483110/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/26214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/3628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37436"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11432"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "This issue was fixed in RealPlayer for Red Hat Enterprise Linux 3 Extras, 4 Extras, 5 Supplementary by RHSA-2007:0841 on 17th August 2007:\nhttp://rhn.redhat.com/errata/RHSA-2007-0841.html)on\n\n(Our original advisory did not mention this issue was fixed as the details of the issue were not made public by RealNetworks until 25th October 2007)",
"lastModified": "2007-11-01T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-10-31 17:46
Modified
2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA header.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_player | * | |
| realnetworks | realone_player | 1.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realplayer | 8.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.1 | |
| realnetworks | realplayer | 10.1 | |
| realnetworks | realplayer | 10.1 | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer_enterprise | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:*:*:mac:en:*:*:*:*",
"matchCriteriaId": "E42CFE29-8AF0-4FAE-88FD-4E2D373FE16D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:windows:en:*:*:*:*",
"matchCriteriaId": "880F633E-3833-4E07-91AE-F11E77DC3AF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "72F332E7-13EA-447D-8116-7CD404120040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E6051B4-1B15-44C0-B2CD-5504E68C60F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "15FABF57-B77B-49FF-BEAF-1E0D6BD4B66F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.0.305:mac:*:*:*:*:*",
"matchCriteriaId": "995983E3-6968-4071-A3E7-BC84800894C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.0.331:mac:*:*:*:*:*",
"matchCriteriaId": "1D5A55EF-BFC7-4703-B115-910DC8338733",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.0.352:mac:*:*:*:*:*",
"matchCriteriaId": "A4FE917E-31A3-4065-B723-FACECEB1BEB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.5:linux:*:*:*:*:*",
"matchCriteriaId": "28F3DFCA-C0E8-43FC-B313-7E21978AE481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.6:linux:*:*:*:*:*",
"matchCriteriaId": "2A874D31-8FDB-456C-ABF8-94F812DD1B67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.7:linux:*:*:*:*:*",
"matchCriteriaId": "CB81B184-CD30-42DD-8BA6-BED303BF6377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.8:linux:*:*:*:*:*",
"matchCriteriaId": "F62E12E0-D806-40F4-8779-18679572AD04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.9:linux:*:*:*:*:*",
"matchCriteriaId": "5567F40F-B04C-4866-A7B2-C796AAA0CE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.1:10.0.0._481:mac:*:*:*:*:*",
"matchCriteriaId": "1311A415-4CBB-44BA-A014-FCC2BBFF6D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.1:10.0.0.396:mac:*:*:*:*:*",
"matchCriteriaId": "84E4F874-E9A5-40F1-82CF-5C2E4749DF6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.1:10.0.0.412:mac:*:*:*:*:*",
"matchCriteriaId": "EBC0DDE6-356C-4EE7-83E1-7EF5A0C5A751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1040:windows:*:*:*:*:*",
"matchCriteriaId": "FB3CC6D6-334F-4F9C-8A5C-7EC3DCACEC50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1578:windows:*:*:*:*:*",
"matchCriteriaId": "414712E9-6901-4D33-B970-36CC238D4257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1698:windows:*:*:*:*:*",
"matchCriteriaId": "35AAD3FF-B70E-46CB-A3C1-34B2412EE6EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1741:windows:*:*:*:*:*",
"matchCriteriaId": "FA78969A-CBAE-4B67-96E7-F7EC9FD78E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:windows:en:*:*:*:*",
"matchCriteriaId": "B9BA3DF0-9785-4F70-A9A3-38F657B52AA7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA header."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en la regi\u00f3n Heap de la memoria en RealNetworks RealPlayer las versiones 8, 10, 10.1 y posiblemente 10.5; RealOne Player versiones 1 y 2; y RealPlayer Enterprise permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo RAM (.ra o .ram) con un valor de gran tama\u00f1o en el encabezado RA."
}
],
"id": "CVE-2007-2264",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-10-31T17:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27361"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1018866"
},
{
"source": "cve@mitre.org",
"url": "http://service.real.com/realplayer/security/10252007_player/en/"
},
{
"source": "cve@mitre.org",
"url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/483113/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/26214"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/3628"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-063.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37437"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1018866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://service.real.com/realplayer/security/10252007_player/en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/483113/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/26214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/3628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-063.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9100"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "This issue was fixed in RealPlayer for Red Hat Enterprise Linux 3 Extras, 4 Extras, 5 Supplementary by RHSA-2007:0841 on 17th August 2007:\nhttp://rhn.redhat.com/errata/RHSA-2007-0841.html)on\n\n(Our original advisory did not mention this issue was fixed as the details of the issue were not made public by RealNetworks until 25th October 2007)",
"lastModified": "2007-11-01T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as used in Internet Explorer, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embed tag.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | internet_explorer | 6.0.2800.1106 | |
| realnetworks | realone_player | 6.0.11.868 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*",
"matchCriteriaId": "F86E7189-CE21-4007-A3FA-39A6B51A5AB9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.868:*:*:*:*:*:*:*",
"matchCriteriaId": "3908DB26-D8C4-4368-A1B6-C067085CE4B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as used in Internet Explorer, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embed tag."
}
],
"id": "CVE-2004-1416",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110374765215675\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/12660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110374765215675\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/12660"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed function in smlparse.cpp for RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1 allows remote attackers to execute arbitrary code via a .SMIL file with a large system-screen-size value.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_player | 1.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realplayer | 8.0 | |
| realnetworks | realplayer | 8.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0_6.0.12.690 | |
| realnetworks | realplayer | 10.0_beta | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer | 10.5_6.0.12.1016_beta | |
| realnetworks | realplayer | 10.5_6.0.12.1040 | |
| realnetworks | realplayer | 10.5_6.0.12.1053 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E940DAB-0CD5-4EC0-916F-6C0B2AE26D19",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E6051B4-1B15-44C0-B2CD-5504E68C60F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:win32:*:*:*:*:*",
"matchCriteriaId": "003D7E29-9970-4984-9756-C070E15B7979",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0_6.0.12.690:*:*:*:*:*:*:*",
"matchCriteriaId": "01513F87-049E-46A9-A573-A7AF27EB30C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "9FDC43D9-C93E-4FB4-B05B-9FB519B03DCA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1016_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "169753E3-949F-4B7D-9955-A52240CB8E6A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*",
"matchCriteriaId": "91278EFD-0285-4389-9C53-50FE225C3C19",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1053:*:*:*:*:*:*:*",
"matchCriteriaId": "336246FA-A06F-4792-9923-E6948F3494FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed function in smlparse.cpp for RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1 allows remote attackers to execute arbitrary code via a .SMIL file with a large system-screen-size value."
}
],
"id": "CVE-2005-0455",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://service.real.com/help/faq/security/050224_player"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=209\u0026type=vulnerabilities"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-265.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2005-271.html"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10926"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://service.real.com/help/faq/security/050224_player"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=209\u0026type=vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-265.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-271.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10926"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-10-20 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_desktop_manager | * | |
| realnetworks | realone_enterprise_desktop | 6.0.11.774 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realone_player | 6.0.10.505 | |
| realnetworks | realone_player | 6.0.11.818 | |
| realnetworks | realone_player | 6.0.11.830 | |
| realnetworks | realone_player | 6.0.11.841 | |
| realnetworks | realone_player | 6.0.11.853 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_desktop_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9200BD8-6D2F-49D4-B85B-C17D2C0F400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*",
"matchCriteriaId": "27DDB6F2-9EAF-4A77-BB3B-D3989E1D9458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.10.505:gold:*:*:*:*:*:*",
"matchCriteriaId": "2BBC41FB-B9F5-47EB-97D8-3ACFC5182AAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BB6A9-B0CE-4C04-8481-53B7CB195264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*",
"matchCriteriaId": "41688192-70B7-4C35-AE4F-FE116104137A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*",
"matchCriteriaId": "FA11D9CD-113B-4977-B150-D6500552222A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*",
"matchCriteriaId": "BF391DD1-2912-49BF-BC9F-B9FA3771737F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RealOne player allows remote attackers to execute arbitrary script in the \"My Computer\" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a \"javascript:\" URL in the area tag."
}
],
"id": "CVE-2003-0726",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2003-10-20T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1007532"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory",
"URL Repurposed"
],
"url": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/335293"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8453"
},
{
"source": "cve@mitre.org",
"url": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1007532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory",
"URL Repurposed"
],
"url": "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/335293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.service.real.com/help/faq/security/securityupdate_august2003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-06-26 22:30
Modified
2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | helix_player | 10.0.5 | |
| realnetworks | helix_player | 10.0.6 | |
| realnetworks | helix_player | 10.0.7 | |
| realnetworks | helix_player | 10.0.8 | |
| realnetworks | helix_player | 10.5-gold | |
| realnetworks | realone_player | * | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.1 | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer_enterprise | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:helix_player:10.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "09EF251C-E054-4A0F-A1F3-8BCC659F2DD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_player:10.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AE47C9FE-D304-427E-8E14-583EAB321DB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_player:10.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5C42DE15-367D-40AC-BD63-CCC281524194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_player:10.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "60E2870B-AEB9-4D65-9D04-971434530D16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_player:10.5-gold:*:*:*:*:*:*:*",
"matchCriteriaId": "EE62D59F-014C-4730-9C2A-75E9AD42975E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5695A49-561F-434E-92AE-AEF13162BD78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1D2A323-5614-4569-AFE5-49CB99ACA279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F948D474-2380-482C-8A63-88984AC2A86B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funci\u00f3n SmilTimeValue::parseWallClockValue en el archivo smlprstime.cpp en RealNetworks RealPlayer versiones 10, 10.1 y posiblemente 10.5, RealOne Player, RealPlayer Enterprise y Helix Player versi\u00f3n 10.5-GOLD y versiones 10.0.5 hasta 10.0.8, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo SMIL (SMIL2) con un valor wallclock largo."
}
],
"id": "CVE-2007-3410",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-06-26T22:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/37374"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/38342"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25819"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25859"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26463"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26828"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27361"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200709-05.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1018297"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1018299"
},
{
"source": "cve@mitre.org",
"url": "http://service.real.com/realplayer/security/10252007_player/en/"
},
{
"source": "cve@mitre.org",
"url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/770904"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0605.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0841.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/24658"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2339"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3628"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35088"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/37374"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/38342"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25819"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25859"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26828"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200709-05.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1018297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1018299"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://service.real.com/realplayer/security/10252007_player/en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/770904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0605.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0841.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2339"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10554"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-03-23 23:06
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, RealPlayer 8, and RealPlayer Enterprise before 20060322 allows remote attackers to have an unknown impact via a malicious Mimio boardCast (mbc) file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_player | 1.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realplayer | * | |
| realnetworks | realplayer | 8.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.5_6.0.12.1040 | |
| realnetworks | realplayer | 10.5_6.0.12.1053 | |
| realnetworks | realplayer | 10.5_6.0.12.1056 | |
| realnetworks | realplayer | 10.5_6.0.12.1059 | |
| realnetworks | realplayer | 10.5_6.0.12.1069 | |
| realnetworks | realplayer | 10.5_6.0.12.1235 | |
| realnetworks | realplayer | 10.5_6.0.12.1348 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E940DAB-0CD5-4EC0-916F-6C0B2AE26D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:*:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "19BC5A59-BCBD-4859-8329-B4974D43DB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E6051B4-1B15-44C0-B2CD-5504E68C60F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*",
"matchCriteriaId": "91278EFD-0285-4389-9C53-50FE225C3C19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1053:*:*:*:*:*:*:*",
"matchCriteriaId": "336246FA-A06F-4792-9923-E6948F3494FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1056:*:*:*:*:*:*:*",
"matchCriteriaId": "06C7BF07-8B9A-4BDF-BEA9-C55ABDEA8165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1059:*:*:*:*:*:*:*",
"matchCriteriaId": "CEC15988-96A0-4EBE-BF99-14D46F5A9553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1069:*:*:*:*:*:*:*",
"matchCriteriaId": "41F65BDA-393F-4274-B193-B578255DB013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1235:*:*:*:*:*:*:*",
"matchCriteriaId": "8D4CADDC-84D2-45D9-99BA-A662D7490154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1348:*:*:*:*:*:*:*",
"matchCriteriaId": "BB407A17-771F-4F46-A5F9-2458358C47AA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, RealPlayer 8, and RealPlayer Enterprise before 20060322 allows remote attackers to have an unknown impact via a malicious Mimio boardCast (mbc) file."
}
],
"evaluatorSolution": "This vulnerability affects all versions of RealNetworks, RealPlayer from 10.5 v6.0.12.1040 through 10.5 v6.0.12.1348.",
"id": "CVE-2006-1370",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-03-23T23:06:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19358"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015810"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/451556"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/17202"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.service.real.com/realplayer/security/03162006_player/en/"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1057"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/451556"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/17202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.service.real.com/realplayer/security/03162006_player/en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25411"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-10-31 17:46
Modified
2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a crafted RM file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_player | * | |
| realnetworks | realone_player | 1.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realplayer | 8.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.1 | |
| realnetworks | realplayer | 10.1 | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer_enterprise | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:*:*:mac:en:*:*:*:*",
"matchCriteriaId": "E42CFE29-8AF0-4FAE-88FD-4E2D373FE16D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:windows:en:*:*:*:*",
"matchCriteriaId": "880F633E-3833-4E07-91AE-F11E77DC3AF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "72F332E7-13EA-447D-8116-7CD404120040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E6051B4-1B15-44C0-B2CD-5504E68C60F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "15FABF57-B77B-49FF-BEAF-1E0D6BD4B66F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.0.305:mac:*:*:*:*:*",
"matchCriteriaId": "995983E3-6968-4071-A3E7-BC84800894C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.0.331:mac:*:*:*:*:*",
"matchCriteriaId": "1D5A55EF-BFC7-4703-B115-910DC8338733",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.0.352:mac:*:*:*:*:*",
"matchCriteriaId": "A4FE917E-31A3-4065-B723-FACECEB1BEB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.5:linux:*:*:*:*:*",
"matchCriteriaId": "28F3DFCA-C0E8-43FC-B313-7E21978AE481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.6:linux:*:*:*:*:*",
"matchCriteriaId": "2A874D31-8FDB-456C-ABF8-94F812DD1B67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.7:linux:*:*:*:*:*",
"matchCriteriaId": "CB81B184-CD30-42DD-8BA6-BED303BF6377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.8:linux:*:*:*:*:*",
"matchCriteriaId": "F62E12E0-D806-40F4-8779-18679572AD04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.9:linux:*:*:*:*:*",
"matchCriteriaId": "5567F40F-B04C-4866-A7B2-C796AAA0CE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.1:10.0.0.396:mac:*:*:*:*:*",
"matchCriteriaId": "84E4F874-E9A5-40F1-82CF-5C2E4749DF6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.1:10.0.0.412:mac:*:*:*:*:*",
"matchCriteriaId": "EBC0DDE6-356C-4EE7-83E1-7EF5A0C5A751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1040:windows:*:*:*:*:*",
"matchCriteriaId": "FB3CC6D6-334F-4F9C-8A5C-7EC3DCACEC50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1578:windows:*:*:*:*:*",
"matchCriteriaId": "414712E9-6901-4D33-B970-36CC238D4257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1698:windows:*:*:*:*:*",
"matchCriteriaId": "35AAD3FF-B70E-46CB-A3C1-34B2412EE6EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1741:windows:*:*:*:*:*",
"matchCriteriaId": "FA78969A-CBAE-4B67-96E7-F7EC9FD78E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:windows:en:*:*:*:*",
"matchCriteriaId": "B9BA3DF0-9785-4F70-A9A3-38F657B52AA7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a crafted RM file."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en RealNetworks RealPlayer versiones 8, 10, 10.1 y posiblemente 10.5; RealOne Player versiones 1 y 2; y RealPlayer Enterprise, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo RM dise\u00f1ado."
}
],
"id": "CVE-2007-5081",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-10-31T17:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/38340"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27361"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1018866"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://service.real.com/realplayer/security/10252007_player/en/"
},
{
"source": "cve@mitre.org",
"url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26214"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/3628"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37435"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/38340"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1018866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://service.real.com/realplayer/security/10252007_player/en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/3628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37435"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11625"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "This issue was fixed in RealPlayer for Red Hat Enterprise Linux 3 Extras, 4 Extras, 5 Supplementary by RHSA-2007:0841 on 17th August 2007:\nhttp://rhn.redhat.com/errata/RHSA-2007-0841.html)on\n\n(Our original advisory did not mention this issue was fixed as the details of the issue were not made public by RealNetworks until 25th October 2007)",
"lastModified": "2007-11-01T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-10-06 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Stack-based buffer overflow in the HandleAction function in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to execute arbitrary code via a long ShowPreferences argument.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_player | 1.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0_6.0.12.690 | |
| realnetworks | realplayer | 10.0_beta | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer | 10.5_6.0.12.1016_beta | |
| realnetworks | realplayer | 10.5_6.0.12.1040 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E940DAB-0CD5-4EC0-916F-6C0B2AE26D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:en:*:*:*:*",
"matchCriteriaId": "4EBB6E97-C8C0-49A7-BCDA-794C4986BAA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:ja:*:*:*:*",
"matchCriteriaId": "0C9031C2-95D1-46D0-965A-F4BAA76FB29F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:de:*:*:*:*:*",
"matchCriteriaId": "E5E04CB6-AD7E-4F38-A6D9-D68C35DC9EBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0_6.0.12.690:*:*:*:*:*:*:*",
"matchCriteriaId": "01513F87-049E-46A9-A573-A7AF27EB30C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "9FDC43D9-C93E-4FB4-B05B-9FB519B03DCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1016_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "169753E3-949F-4B7D-9955-A52240CB8E6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*",
"matchCriteriaId": "91278EFD-0285-4389-9C53-50FE225C3C19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the HandleAction function in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to execute arbitrary code via a long ShowPreferences argument."
}
],
"id": "CVE-2005-0189",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-10-06T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2005-q1/0046.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109707741022291\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110616636318261\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://service.real.com/help/faq/security/040928_player/EN/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/698390"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/12311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2005-q1/0046.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109707741022291\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110616636318261\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://service.real.com/help/faq/security/040928_player/EN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/698390"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/12311"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-01-19 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Off-by-one buffer overflow in the processing of tags in Real Metadata Package (RMP) files in RealPlayer 10.5 (6.0.12.1040) and earlier could allow remote attackers to execute arbitrary code via a long tag.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_player | 1.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0_6.0.12.690 | |
| realnetworks | realplayer | 10.0_beta | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer | 10.5_6.0.12.1016_beta | |
| realnetworks | realplayer | 10.5_6.0.12.1040 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E940DAB-0CD5-4EC0-916F-6C0B2AE26D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:en:*:*:*:*",
"matchCriteriaId": "4EBB6E97-C8C0-49A7-BCDA-794C4986BAA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:ja:*:*:*:*",
"matchCriteriaId": "0C9031C2-95D1-46D0-965A-F4BAA76FB29F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:de:*:*:*:*:*",
"matchCriteriaId": "E5E04CB6-AD7E-4F38-A6D9-D68C35DC9EBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0_6.0.12.690:*:*:*:*:*:*:*",
"matchCriteriaId": "01513F87-049E-46A9-A573-A7AF27EB30C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "9FDC43D9-C93E-4FB4-B05B-9FB519B03DCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1016_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "169753E3-949F-4B7D-9955-A52240CB8E6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*",
"matchCriteriaId": "91278EFD-0285-4389-9C53-50FE225C3C19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Off-by-one buffer overflow in the processing of tags in Real Metadata Package (RMP) files in RealPlayer 10.5 (6.0.12.1040) and earlier could allow remote attackers to execute arbitrary code via a long tag."
}
],
"id": "CVE-2005-0191",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-01-19T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109707741022291\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110616302008401\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://service.real.com/help/faq/security/040928_player/EN/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/real-03full.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109707741022291\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110616302008401\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://service.real.com/help/faq/security/040928_player/EN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/real-03full.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18982"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_enterprise_desktop | 6.0.11.774 | |
| realnetworks | realone_player | 1.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realone_player | 6.0.10.505 | |
| realnetworks | realone_player | 6.0.11.818 | |
| realnetworks | realone_player | 6.0.11.830 | |
| realnetworks | realone_player | 6.0.11.841 | |
| realnetworks | realone_player | 6.0.11.853 | |
| realnetworks | realone_player | 6.0.11.868 | |
| realnetworks | realplayer | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*",
"matchCriteriaId": "27DDB6F2-9EAF-4A77-BB3B-D3989E1D9458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E940DAB-0CD5-4EC0-916F-6C0B2AE26D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.10.505:*:*:*:*:*:*:*",
"matchCriteriaId": "B04AEBE0-0160-4EA0-A177-BB66B2A842CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BB6A9-B0CE-4C04-8481-53B7CB195264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*",
"matchCriteriaId": "41688192-70B7-4C35-AE4F-FE116104137A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*",
"matchCriteriaId": "FA11D9CD-113B-4977-B150-D6500552222A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*",
"matchCriteriaId": "BF391DD1-2912-49BF-BC9F-B9FA3771737F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.868:*:*:*:*:*:*:*",
"matchCriteriaId": "3908DB26-D8C4-4368-A1B6-C067085CE4B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E6051B4-1B15-44C0-B2CD-5504E68C60F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the \"My Computer\" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a \"file:javascript:\" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726."
}
],
"id": "CVE-2004-1798",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/9584"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1008647"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch"
],
"url": "http://www.osvdb.org/3826"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/349086"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/9378"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/9584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1008647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Patch"
],
"url": "http://www.osvdb.org/3826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/349086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/9378"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14168"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-11-23 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_desktop_manager | * | |
| realnetworks | realone_enterprise_desktop | 6.0.11.774 | |
| realnetworks | realone_player | 1.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realone_player | 6.0.11.818 | |
| realnetworks | realone_player | 6.0.11.830 | |
| realnetworks | realone_player | 6.0.11.841 | |
| realnetworks | realone_player | 6.0.11.853 | |
| realnetworks | realone_player | 6.0.11.868 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_desktop_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9200BD8-6D2F-49D4-B85B-C17D2C0F400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*",
"matchCriteriaId": "27DDB6F2-9EAF-4A77-BB3B-D3989E1D9458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E940DAB-0CD5-4EC0-916F-6C0B2AE26D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:win:*:*:*:*:*",
"matchCriteriaId": "B49F1421-2C52-4B67-BE04-A62E553E1819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BB6A9-B0CE-4C04-8481-53B7CB195264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*",
"matchCriteriaId": "41688192-70B7-4C35-AE4F-FE116104137A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*",
"matchCriteriaId": "FA11D9CD-113B-4977-B150-D6500552222A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*",
"matchCriteriaId": "BF391DD1-2912-49BF-BC9F-B9FA3771737F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.868:*:*:*:*:*:*:*",
"matchCriteriaId": "3908DB26-D8C4-4368-A1B6-C067085CE4B7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file."
},
{
"lang": "es",
"value": "Vulnerabilidad de atravesamiento de directorios en RealOne Player, RealOne Player 2.0, y RealOne Enterprise Desktop permite a atacantes remotos subir ficheros arbitrarios mediante un fichero RMP que contenga secuencias .. (punto punto) en fichero de piel .rjs."
}
],
"id": "CVE-2004-0273",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2004-11-23T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=107642978524321\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://service.real.com/help/faq/security/040123_player/EN/"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/514734"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9580"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=107642978524321\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://service.real.com/help/faq/security/040123_player/EN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/514734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9580"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15123"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary code via an RFS skin file whose skin.ini contains a long value in a CONTROLnImage argument, such as CONTROL1Image.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realjukebox_2 | 1.0.2.340 | |
| realnetworks | realjukebox_2 | 1.0.2.379 | |
| realnetworks | realjukebox_2_plus | 1.0.2.340 | |
| realnetworks | realjukebox_2_plus | 1.0.2.379 | |
| realnetworks | realone_player | 6.0.10.505 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realjukebox_2:1.0.2.340:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8A693D-A504-4949-9947-0D7CFC8849C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realjukebox_2:1.0.2.379:*:*:*:*:*:*:*",
"matchCriteriaId": "3887C616-8817-414A-9FD9-B5B365420A83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realjukebox_2_plus:1.0.2.340:*:*:*:*:*:*:*",
"matchCriteriaId": "869156EC-1587-4CAB-836F-BF6A7D556F3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realjukebox_2_plus:1.0.2.379:*:*:*:*:*:*:*",
"matchCriteriaId": "911D7615-7AEC-4F17-AC04-E5AF35B549DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.10.505:gold:*:*:*:*:*:*",
"matchCriteriaId": "2BBC41FB-B9F5-47EB-97D8-3ACFC5182AAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary code via an RFS skin file whose skin.ini contains a long value in a CONTROLnImage argument, such as CONTROL1Image."
}
],
"id": "CVE-2002-1014",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-10-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0127.html"
},
{
"source": "cve@mitre.org",
"url": "http://service.real.com/help/faq/security/bufferoverrun07092002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/9538.php"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/843667"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0127.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://service.real.com/help/faq/security/bufferoverrun07092002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/9538.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/843667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5217"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-11-18 23:03
Modified
2025-04-03 01:03
Severity ?
Summary
Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player 1 and 2, and Helix Player 10.0.0 allows remote attackers to execute arbitrary code via an .rm movie file with a large value in the length field of the first data packet, which leads to a stack-based buffer overflow, a different vulnerability than CVE-2004-1481.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | helix_player | 1.0 | |
| realnetworks | helix_player | 1.0.1 | |
| realnetworks | helix_player | 1.0.2 | |
| realnetworks | helix_player | 1.0.3 | |
| realnetworks | helix_player | 1.0.4 | |
| realnetworks | helix_player | 1.0.5 | |
| realnetworks | realone_player | 1.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realplayer | * | |
| realnetworks | realplayer | 8.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer | 10.5_6.0.12.1040 | |
| realnetworks | realplayer | 10.5_6.0.12.1053 | |
| realnetworks | realplayer | 10.5_6.0.12.1056 | |
| realnetworks | realplayer | 10.5_6.0.12.1059 | |
| realnetworks | realplayer | 10.5_6.0.12.1069 | |
| realnetworks | realplayer | 10.5_6.0.12.1235 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:helix_player:1.0:*:linux:*:*:*:*:*",
"matchCriteriaId": "E290CDC0-738D-447C-BD21-95D6843BB480",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_player:1.0.1:*:linux:*:*:*:*:*",
"matchCriteriaId": "91EF8E27-2DEC-4F46-9FEF-9FDE4327783D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_player:1.0.2:*:linux:*:*:*:*:*",
"matchCriteriaId": "988391F6-F8D4-43A0-A423-DC93CD5ED301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_player:1.0.3:*:linux:*:*:*:*:*",
"matchCriteriaId": "108C2C6B-B626-44CF-AFBB-F4F867A4E91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_player:1.0.4:*:linux:*:*:*:*:*",
"matchCriteriaId": "315A22F8-692F-4D51-ABE2-A564A7111521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_player:1.0.5:*:linux:*:*:*:*:*",
"matchCriteriaId": "51D19434-B812-48FA-829E-A91910BA8941",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E940DAB-0CD5-4EC0-916F-6C0B2AE26D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:*:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "19BC5A59-BCBD-4859-8329-B4974D43DB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:win32:*:*:*:*:*",
"matchCriteriaId": "003D7E29-9970-4984-9756-C070E15B7979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:linux:*:*:*:*:*",
"matchCriteriaId": "63F83DBE-F01B-4D6B-9CC4-D5170C2C1D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "EB23A853-3AD4-4EB9-B178-12B5E6E93BBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*",
"matchCriteriaId": "91278EFD-0285-4389-9C53-50FE225C3C19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1053:*:*:*:*:*:*:*",
"matchCriteriaId": "336246FA-A06F-4792-9923-E6948F3494FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1056:*:*:*:*:*:*:*",
"matchCriteriaId": "06C7BF07-8B9A-4BDF-BEA9-C55ABDEA8165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1059:*:*:*:*:*:*:*",
"matchCriteriaId": "CEC15988-96A0-4EBE-BF99-14D46F5A9553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1069:*:*:*:*:*:*:*",
"matchCriteriaId": "41F65BDA-393F-4274-B193-B578255DB013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1235:*:*:*:*:*:*:*",
"matchCriteriaId": "8D4CADDC-84D2-45D9-99BA-A662D7490154",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player 1 and 2, and Helix Player 10.0.0 allows remote attackers to execute arbitrary code via an .rm movie file with a large value in the length field of the first data packet, which leads to a stack-based buffer overflow, a different vulnerability than CVE-2004-1481."
}
],
"id": "CVE-2005-2629",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-11-18T23:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=113166476423021\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17514/"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17559"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17860"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/169"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015184"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015185"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015186"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://service.real.com/help/faq/security/051110_player/EN/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-915"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.eeye.com/html/research/advisories/AD20051110a.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15381/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23024"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=113166476423021\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17514/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17559"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/169"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://service.real.com/help/faq/security/051110_player/EN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-915"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.eeye.com/html/research/advisories/AD20051110a.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15381/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9550"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_enterprise_desktop | 6.0.11.774 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realone_player | 6.0.11.818 | |
| realnetworks | realone_player | 6.0.11.830 | |
| realnetworks | realone_player | 6.0.11.841 | |
| realnetworks | realone_player | 6.0.11.853 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*",
"matchCriteriaId": "27DDB6F2-9EAF-4A77-BB3B-D3989E1D9458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BB6A9-B0CE-4C04-8481-53B7CB195264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*",
"matchCriteriaId": "41688192-70B7-4C35-AE4F-FE116104137A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*",
"matchCriteriaId": "FA11D9CD-113B-4977-B150-D6500552222A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*",
"matchCriteriaId": "BF391DD1-2912-49BF-BC9F-B9FA3771737F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser."
}
],
"id": "CVE-2003-1509",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://service.real.com/help/faq/security/securityupdate_october2003.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/8839"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13445"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://service.real.com/help/faq/security/securityupdate_october2003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/8839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13445"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-10-06 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an RJS filename.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_player | 1.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E940DAB-0CD5-4EC0-916F-6C0B2AE26D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:de:*:*:*:*",
"matchCriteriaId": "EF2A171E-6E39-4FCC-88CC-655D18232FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:en:*:*:*:*",
"matchCriteriaId": "4EBB6E97-C8C0-49A7-BCDA-794C4986BAA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:ja:*:*:*:*",
"matchCriteriaId": "0C9031C2-95D1-46D0-965A-F4BAA76FB29F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "B4B6C4B6-9031-451B-B58B-45DA88173E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an RJS filename."
}
],
"id": "CVE-2005-0192",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2004-10-06T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109707741022291\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110616302008401\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://service.real.com/help/faq/security/040928_player/EN/"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.ngssoftware.com/advisories/real-03full.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18984"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109707741022291\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110616302008401\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://service.real.com/help/faq/security/040928_player/EN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.ngssoftware.com/advisories/real-03full.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18984"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-04-02 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0156.html | ||
| cve@mitre.org | http://marc.info/?l=bugtraq&m=104887465427579&w=2 | ||
| cve@mitre.org | http://www.coresecurity.com/common/showdoc.php?idx=311&idxseccion=10 | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.kb.cert.org/vuls/id/705761 | Third Party Advisory, US Government Resource | |
| cve@mitre.org | http://www.securityfocus.com/bid/7177 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0156.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=104887465427579&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.coresecurity.com/common/showdoc.php?idx=311&idxseccion=10 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/705761 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/7177 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_enterprise_desktop | 6.0.11.774 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realone_player | 6.0.10.505 | |
| realnetworks | realone_player | 6.0.11.818 | |
| realnetworks | realone_player | 6.0.11.830 | |
| realnetworks | realone_player | 6.0.11.841 | |
| realnetworks | realone_player | 6.0.11.853 | |
| realnetworks | realone_player | 9.0.0.288 | |
| realnetworks | realone_player | 9.0.0.297 | |
| realnetworks | realplayer | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*",
"matchCriteriaId": "27DDB6F2-9EAF-4A77-BB3B-D3989E1D9458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.10.505:gold:*:*:*:*:*:*",
"matchCriteriaId": "2BBC41FB-B9F5-47EB-97D8-3ACFC5182AAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BB6A9-B0CE-4C04-8481-53B7CB195264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*",
"matchCriteriaId": "41688192-70B7-4C35-AE4F-FE116104137A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*",
"matchCriteriaId": "FA11D9CD-113B-4977-B150-D6500552222A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*",
"matchCriteriaId": "BF391DD1-2912-49BF-BC9F-B9FA3771737F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:9.0.0.288:*:*:*:*:*:*:*",
"matchCriteriaId": "D6083AD8-024A-41C7-8189-BE0827239090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:9.0.0.297:*:*:*:*:*:*:*",
"matchCriteriaId": "103892C8-6C98-4861-8252-0076EF1B1302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E6051B4-1B15-44C0-B2CD-5504E68C60F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length."
}
],
"id": "CVE-2003-0141",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2003-04-02T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0156.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=104887465427579\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.coresecurity.com/common/showdoc.php?idx=311\u0026idxseccion=10"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/705761"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/7177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0156.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=104887465427579\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.coresecurity.com/common/showdoc.php?idx=311\u0026idxseccion=10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/705761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/7177"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-10-31 17:46
Modified
2025-04-09 00:30
Severity ?
Summary
Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_player | 1.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer_enterprise | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:windows:en:*:*:*:*",
"matchCriteriaId": "880F633E-3833-4E07-91AE-F11E77DC3AF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "72F332E7-13EA-447D-8116-7CD404120040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "15FABF57-B77B-49FF-BEAF-1E0D6BD4B66F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1040:windows:*:*:*:*:*",
"matchCriteriaId": "FB3CC6D6-334F-4F9C-8A5C-7EC3DCACEC50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1578:windows:*:*:*:*:*",
"matchCriteriaId": "414712E9-6901-4D33-B970-36CC238D4257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1698:windows:*:*:*:*:*",
"matchCriteriaId": "35AAD3FF-B70E-46CB-A3C1-34B2412EE6EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1741:windows:*:*:*:*:*",
"matchCriteriaId": "FA78969A-CBAE-4B67-96E7-F7EC9FD78E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:windows:en:*:*:*:*",
"matchCriteriaId": "B9BA3DF0-9785-4F70-A9A3-38F657B52AA7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow."
},
{
"lang": "es",
"value": "Desbordamiento de entero en RealNetworks RealPlayer 10 y 10.5, REalOne Player 1, y RealPlayer Enterprise para Windows permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una etiqueta Lyrics3 2.00 manipulada en un archivo MP3, resultando en un desbordamiento de b\u00fafer basado en mont\u00edculo."
}
],
"id": "CVE-2007-5080",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-10-31T17:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27361"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://service.real.com/realplayer/security/10252007_player/en/"
},
{
"source": "cve@mitre.org",
"url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/759385"
},
{
"source": "cve@mitre.org",
"url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-real-player-id3-tags/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26214"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018866"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3628"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37434"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://service.real.com/realplayer/security/10252007_player/en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/759385"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-real-player-id3-tags/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37434"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. This issue did not affect the versions of RealPlayer as shipped with Red Hat Enterprise Linux 3 Extras, 4 Extras, or 5 Supplementary.",
"lastModified": "2007-11-01T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-07-03 22:29
Modified
2024-11-21 03:46
Severity ?
Summary
RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a denial of service (array out-of-bounds access and application crash) via a crafted .aiff file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/921580451/RealOnePlayer-sBug/issues/1 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/921580451/RealOnePlayer-sBug/issues/1 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_player | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a denial of service (array out-of-bounds access and application crash) via a crafted .aiff file."
},
{
"lang": "es",
"value": "RealOnePlayer 2.0 Build 6.0.11.872, permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (acceso fuera de l\u00edmites del array y cierre inesperado de la aplicaci\u00f3n) mediante un archivo .aiff manipulado."
}
],
"id": "CVE-2018-13121",
"lastModified": "2024-11-21T03:46:28.453",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-03T22:29:00.220",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/921580451/RealOnePlayer-sBug/issues/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/921580451/RealOnePlayer-sBug/issues/1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-06-28 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 (6.0.12.1040 through 1069), RealOne Player v1 and v2, RealPlayer 8 and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an .avi file with a modified strf structure value.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_player | 1.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realplayer | * | |
| realnetworks | realplayer | 8.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.5_6.0.12.1040 | |
| realnetworks | realplayer | 10.5_6.0.12.1069 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E940DAB-0CD5-4EC0-916F-6C0B2AE26D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:*:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "19BC5A59-BCBD-4859-8329-B4974D43DB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E6051B4-1B15-44C0-B2CD-5504E68C60F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*",
"matchCriteriaId": "91278EFD-0285-4389-9C53-50FE225C3C19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1069:*:*:*:*:*:*:*",
"matchCriteriaId": "41F65BDA-393F-4274-B193-B578255DB013",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 (6.0.12.1040 through 1069), RealOne Player v1 and v2, RealPlayer 8 and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an .avi file with a modified strf structure value."
}
],
"id": "CVE-2005-2052",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-06-28T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=111955853611840\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://service.real.com/help/faq/security/050623_player/EN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=111955853611840\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://service.real.com/help/faq/security/050623_player/EN/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-06-29 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and RealOne Player v1 and v2 allows remote attackers to overwrite arbitrary files or execute arbitrary ActiveX controls via a crafted MP3 file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://service.real.com/help/faq/security/050623_player/EN/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://service.real.com/help/faq/security/050623_player/EN/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_player | 1.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.5_6.0.12.1040_1069 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E940DAB-0CD5-4EC0-916F-6C0B2AE26D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040_1069:*:*:*:*:*:*:*",
"matchCriteriaId": "3A0BE7CF-D281-46F7-90B5-B469BE10E9A8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and RealOne Player v1 and v2 allows remote attackers to overwrite arbitrary files or execute arbitrary ActiveX controls via a crafted MP3 file."
}
],
"id": "CVE-2005-2054",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-06-29T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://service.real.com/help/faq/security/050623_player/EN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://service.real.com/help/faq/security/050623_player/EN/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-11-18 23:03
Modified
2025-04-03 01:03
Severity ?
Summary
Heap-based buffer overflow in DUNZIP32.DLL for RealPlayer 8, 10, and 10.5 and RealOne Player 1 and 2 allows remote attackers to execute arbitrary code via a crafted RealPlayer Skin (RJS) file, a different vulnerability than CVE-2004-1094.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_player | 1.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realplayer | * | |
| realnetworks | realplayer | 8.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer | 10.5_6.0.12.1040 | |
| realnetworks | realplayer | 10.5_6.0.12.1053 | |
| realnetworks | realplayer | 10.5_6.0.12.1056 | |
| realnetworks | realplayer | 10.5_6.0.12.1059 | |
| realnetworks | realplayer | 10.5_6.0.12.1069 | |
| realnetworks | realplayer | 10.5_6.0.12.1235 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E940DAB-0CD5-4EC0-916F-6C0B2AE26D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:*:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "19BC5A59-BCBD-4859-8329-B4974D43DB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:win32:*:*:*:*:*",
"matchCriteriaId": "003D7E29-9970-4984-9756-C070E15B7979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:linux:*:*:*:*:*",
"matchCriteriaId": "63F83DBE-F01B-4D6B-9CC4-D5170C2C1D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "EB23A853-3AD4-4EB9-B178-12B5E6E93BBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*",
"matchCriteriaId": "91278EFD-0285-4389-9C53-50FE225C3C19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1053:*:*:*:*:*:*:*",
"matchCriteriaId": "336246FA-A06F-4792-9923-E6948F3494FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1056:*:*:*:*:*:*:*",
"matchCriteriaId": "06C7BF07-8B9A-4BDF-BEA9-C55ABDEA8165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1059:*:*:*:*:*:*:*",
"matchCriteriaId": "CEC15988-96A0-4EBE-BF99-14D46F5A9553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1069:*:*:*:*:*:*:*",
"matchCriteriaId": "41F65BDA-393F-4274-B193-B578255DB013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1235:*:*:*:*:*:*:*",
"matchCriteriaId": "8D4CADDC-84D2-45D9-99BA-A662D7490154",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in DUNZIP32.DLL for RealPlayer 8, 10, and 10.5 and RealOne Player 1 and 2 allows remote attackers to execute arbitrary code via a crafted RealPlayer Skin (RJS) file, a different vulnerability than CVE-2004-1094."
}
],
"id": "CVE-2005-2630",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-11-18T23:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=113166519206033\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17514/"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17860"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/170"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015184"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015185"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://service.real.com/help/faq/security/051110_player/EN/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.eeye.com/html/research/advisories/AD20051110b.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/18827"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15382"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=113166519206033\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17514/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/170"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://service.real.com/help/faq/security/051110_player/EN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.eeye.com/html/research/advisories/AD20051110b.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/18827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23025"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realjukebox_2 | 1.0.2.340 | |
| realnetworks | realjukebox_2 | 1.0.2.379 | |
| realnetworks | realjukebox_2_plus | 1.0.2.340 | |
| realnetworks | realjukebox_2_plus | 1.0.2.379 | |
| realnetworks | realone_player | 6.0.10.505 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realjukebox_2:1.0.2.340:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8A693D-A504-4949-9947-0D7CFC8849C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realjukebox_2:1.0.2.379:*:*:*:*:*:*:*",
"matchCriteriaId": "3887C616-8817-414A-9FD9-B5B365420A83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realjukebox_2_plus:1.0.2.340:*:*:*:*:*:*:*",
"matchCriteriaId": "869156EC-1587-4CAB-836F-BF6A7D556F3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realjukebox_2_plus:1.0.2.379:*:*:*:*:*:*:*",
"matchCriteriaId": "911D7615-7AEC-4F17-AC04-E5AF35B549DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:6.0.10.505:gold:*:*:*:*:*:*",
"matchCriteriaId": "2BBC41FB-B9F5-47EB-97D8-3ACFC5182AAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers."
}
],
"id": "CVE-2002-1015",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-10-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0130.html"
},
{
"source": "cve@mitre.org",
"url": "http://service.real.com/help/faq/security/bufferoverrun07092002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/9539.php"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/888547"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0130.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://service.real.com/help/faq/security/bufferoverrun07092002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/9539.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/888547"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5210"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-09-29 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ? (question mark) and an allowed file extension (e.g. .mp3), which bypasses the check for the file extension.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_player | 1.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0_6.0.12.690 | |
| realnetworks | realplayer | 10.0_beta | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer | 10.5_6.0.12.1016_beta | |
| realnetworks | realplayer | 10.5_6.0.12.1040 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E940DAB-0CD5-4EC0-916F-6C0B2AE26D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:en:*:*:*:*",
"matchCriteriaId": "4EBB6E97-C8C0-49A7-BCDA-794C4986BAA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:ja:*:*:*:*",
"matchCriteriaId": "0C9031C2-95D1-46D0-965A-F4BAA76FB29F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:de:*:*:*:*:*",
"matchCriteriaId": "E5E04CB6-AD7E-4F38-A6D9-D68C35DC9EBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0_6.0.12.690:*:*:*:*:*:*:*",
"matchCriteriaId": "01513F87-049E-46A9-A573-A7AF27EB30C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "9FDC43D9-C93E-4FB4-B05B-9FB519B03DCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1016_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "169753E3-949F-4B7D-9955-A52240CB8E6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*",
"matchCriteriaId": "91278EFD-0285-4389-9C53-50FE225C3C19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ? (question mark) and an allowed file extension (e.g. .mp3), which bypasses the check for the file extension."
}
],
"id": "CVE-2005-0190",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2004-09-29T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109707741022291\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110616160228843\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12672/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://service.real.com/help/faq/security/040928_player/EN/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/real-02full.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11308"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109707741022291\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110616160228843\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12672/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://service.real.com/help/faq/security/040928_player/EN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/real-02full.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17551"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Heap-based buffer overflow in RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1, allows remote attackers to execute arbitrary code via .WAV files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | helix_player | * | |
| realnetworks | realone_player | 1.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realplayer | * | |
| realnetworks | realplayer | 8.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:helix_player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B288E1C-4511-482A-B39D-E6BB9585AF18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E940DAB-0CD5-4EC0-916F-6C0B2AE26D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:*:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "19BC5A59-BCBD-4859-8329-B4974D43DB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E6051B4-1B15-44C0-B2CD-5504E68C60F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1, allows remote attackers to execute arbitrary code via .WAV files."
}
],
"id": "CVE-2005-0611",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=bugtraq\u0026m=110979465912834\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=vulnwatch\u0026m=110977858619314\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://service.real.com/help/faq/security/050224_player/EN/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2005-265.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2005-271.html"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110979465912834\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=vulnwatch\u0026m=110977858619314\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://service.real.com/help/faq/security/050224_player/EN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-265.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-271.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11419"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-06-01 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Stack-based buffer overflow in the RT3 plugin, as used in RealPlayer 8, RealOne Player, RealOne Player 10 beta, and RealOne Player Enterprise, allows remote attackers to execute arbitrary code via a malformed .R3T file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_player | * | |
| realnetworks | realone_player | * | |
| realnetworks | realone_player | 10_beta | |
| realnetworks | realplayer | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5695A49-561F-434E-92AE-AEF13162BD78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:*:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "552506F9-8030-4924-84EE-59830878C466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:10_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "AE413C6D-0195-44BF-A49F-2D3C4749A1E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E6051B4-1B15-44C0-B2CD-5504E68C60F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the RT3 plugin, as used in RealPlayer 8, RealOne Player, RealOne Player 10 beta, and RealOne Player Enterprise, allows remote attackers to execute arbitrary code via a malformed .R3T file."
}
],
"id": "CVE-2004-0387",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2004-06-01T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0077.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108135350810135\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11314"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/realr3t.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=4977"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/10070"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.service.real.com/help/faq/security/040406_r3t/en/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108135350810135\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/realr3t.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=4977"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/10070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.service.real.com/help/faq/security/040406_r3t/en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15774"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-04-19 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player before 10.0.4, and RealOne Player v1 and v2 allows remote attackers to execute arbitrary code via a long hostname in a RAM file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | helix_player | * | |
| realnetworks | realone_player | 1.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realplayer | 8.0 | |
| realnetworks | realplayer | 8.0 | |
| realnetworks | realplayer | 8.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0_6.0.12.690 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:helix_player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA5D907A-72C4-463A-B989-2D6296B3204A",
"versionEndIncluding": "10.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E940DAB-0CD5-4EC0-916F-6C0B2AE26D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E6051B4-1B15-44C0-B2CD-5504E68C60F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "50511368-4765-489B-B2ED-8214887BCB37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:unix:*:*",
"matchCriteriaId": "28E2C43D-3BF4-44FA-A6D2-275BF5FB33DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:de:*:*:*:*",
"matchCriteriaId": "EF2A171E-6E39-4FCC-88CC-655D18232FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:en:*:*:*:*",
"matchCriteriaId": "4EBB6E97-C8C0-49A7-BCDA-794C4986BAA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:ja:*:*:*:*",
"matchCriteriaId": "0C9031C2-95D1-46D0-965A-F4BAA76FB29F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "B4B6C4B6-9031-451B-B58B-45DA88173E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0_6.0.12.690:*:*:*:*:*:*:*",
"matchCriteriaId": "01513F87-049E-46A9-A573-A7AF27EB30C5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player before 10.0.4, and RealOne Player v1 and v2 allows remote attackers to execute arbitrary code via a long hostname in a RAM file."
}
],
"id": "CVE-2005-0755",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-04-19T04:00:00.000",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111401615202987\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://pb.specialised.info/all/adv/real-ram-adv.txt"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://service.real.com/help/faq/security/050419_player/EN/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-April/msg00040.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-363.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-392.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-394.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111401615202987\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://pb.specialised.info/all/adv/real-ram-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://service.real.com/help/faq/security/050419_player/EN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-April/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-363.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-392.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-394.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11205"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-12-11 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via (1) a Synchronized Multimedia Integration Language (SMIL) file with a long parameter, (2) a long long filename in a rtsp:// request, e.g. from a .m3u file, or (3) certain "Now Playing" options on a downloaded file with a long filename.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_player | 2.0 | |
| realnetworks | realplayer | * | |
| realnetworks | realplayer | 6.0 | |
| realnetworks | realplayer | 7.0 | |
| realnetworks | realplayer | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:*:g2:*:*:*:*:*:*",
"matchCriteriaId": "F443B415-782D-4059-931E-222968D5CC8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:6.0:*:win32:*:*:*:*:*",
"matchCriteriaId": "65124AAD-0F80-4FBB-8A29-420C445E889C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:7.0:*:win32:*:*:*:*:*",
"matchCriteriaId": "2F5492A8-E1B6-4ADF-B057-125ECD8B7FE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:win32:*:*:*:*:*",
"matchCriteriaId": "003D7E29-9970-4984-9756-C070E15B7979",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via (1) a Synchronized Multimedia Integration Language (SMIL) file with a long parameter, (2) a long long filename in a rtsp:// request, e.g. from a .m3u file, or (3) certain \"Now Playing\" options on a downloaded file with a long filename."
},
{
"lang": "es",
"value": "M\u00fcltiples desbordamientos de b\u00fafer en RealOne y RealPlayer permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante \r\n\r\nun fichero de Lenguaje de Integraci\u00f3n Multimedia Sincronizada (SMIL) con un par\u00e1metro largo.\r\nun nombre de fichero largo en una petici\u00f3n rtsp://, por ejemplo un fichero. m3u, o\r\nCiertas opciones \"Now Playing\" (Reproduciendo Ahora) en un fichero descargado con un nombre de fichero largo."
}
],
"id": "CVE-2002-1321",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-12-11T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=103808645120764\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://service.real.com/help/faq/security/bufferoverrun_player.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/6227"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/6229"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=103808645120764\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://service.real.com/help/faq/security/bufferoverrun_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/6227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/6229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10677"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-06-29 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne Player v1 and v2 allows remote malicious web server to create an arbitrary HTML file that executes an RM file via "default settings of earlier Internet Explorer browsers".
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://service.real.com/help/faq/security/050623_player/EN/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://service.real.com/help/faq/security/050623_player/EN/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_player | 1.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realplayer | * | |
| realnetworks | realplayer | 8.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.5_6.0.12.1040_1069 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E940DAB-0CD5-4EC0-916F-6C0B2AE26D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:*:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "19BC5A59-BCBD-4859-8329-B4974D43DB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E6051B4-1B15-44C0-B2CD-5504E68C60F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040_1069:*:*:*:*:*:*:*",
"matchCriteriaId": "3A0BE7CF-D281-46F7-90B5-B469BE10E9A8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne Player v1 and v2 allows remote malicious web server to create an arbitrary HTML file that executes an RM file via \"default settings of earlier Internet Explorer browsers\"."
}
],
"id": "CVE-2005-2055",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-06-29T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://service.real.com/help/faq/security/050623_player/EN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://service.real.com/help/faq/security/050623_player/EN/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-10-31 17:46
Modified
2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10.5, and RealOne Player 1 and 2, for Windows allows remote attackers to execute arbitrary code via a crafted playlist (PLS) file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_player | 1.0 | |
| realnetworks | realone_player | 2.0 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer | 10.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:windows:en:*:*:*:*",
"matchCriteriaId": "880F633E-3833-4E07-91AE-F11E77DC3AF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "72F332E7-13EA-447D-8116-7CD404120040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "15FABF57-B77B-49FF-BEAF-1E0D6BD4B66F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1040:windows:*:*:*:*:*",
"matchCriteriaId": "FB3CC6D6-334F-4F9C-8A5C-7EC3DCACEC50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1578:windows:*:*:*:*:*",
"matchCriteriaId": "414712E9-6901-4D33-B970-36CC238D4257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1698:windows:*:*:*:*:*",
"matchCriteriaId": "35AAD3FF-B70E-46CB-A3C1-34B2412EE6EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1741:windows:*:*:*:*:*",
"matchCriteriaId": "FA78969A-CBAE-4B67-96E7-F7EC9FD78E38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10.5, and RealOne Player 1 and 2, for Windows allows remote attackers to execute arbitrary code via a crafted playlist (PLS) file."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en RealNetworks RealPlayer versiones 10 y posiblemente en 10.5, y RealOne Player versiones 1 y 2, para Windows, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo de lista de reproducci\u00f3n (PLS) dise\u00f1ada."
}
],
"id": "CVE-2007-4599",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-10-31T17:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/38341"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27361"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1018866"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://service.real.com/realplayer/security/10252007_player/en/"
},
{
"source": "cve@mitre.org",
"url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/483112/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26214"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/3628"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-062.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37438"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/38341"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1018866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://service.real.com/realplayer/security/10252007_player/en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/483112/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/3628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-062.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37438"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. This issue did not affect the versions of RealPlayer as shipped with Red Hat Enterprise Linux 3 Extras, 4 Extras, or 5 Supplementary.",
"lastModified": "2007-11-01T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-03-23 23:06
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | helix_player | * | |
| realnetworks | realone_player | * | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.0.6 | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | rhapsody | 3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:helix_player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B288E1C-4511-482A-B39D-E6BB9585AF18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5695A49-561F-434E-92AE-AEF13162BD78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:gold:*:*:*:*:*:*",
"matchCriteriaId": "F1E6B49C-BDF7-41A8-A6B4-4AA1A47C87FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B857582E-8B1A-4ED4-8C0C-9D8D5BDD1E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:rhapsody:3:*:*:*:*:*:*:*",
"matchCriteriaId": "91156125-28D3-498A-9521-F748D9FA7FF7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations."
},
{
"lang": "es",
"value": "Desbordamiento de buffer en swfformat.dll en m\u00faltiples productos y versiones RealNetworks incluyendo RealPlayer 10.x, RealOne Player, Rhapsody 3 y Helix Player permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo SWF (Flash) manipulado con (1) un valor de tama\u00f1o que es menor que el tama\u00f1o real o (2) otras manipulaciones no especificadas."
}
],
"id": "CVE-2006-0323",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-03-23T23:06:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19358"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19362"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19365"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19390"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/690"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015806"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/231028"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2006_18_realplayer.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0257.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/430621/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/17202"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.service.real.com/realplayer/security/03162006_player/en/"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1057"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25408"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19362"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19390"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/231028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2006_18_realplayer.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0257.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/430621/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/17202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.service.real.com/realplayer/security/03162006_player/en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25408"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-05-16 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbitrary code via a header length value that exceeds the actual length of the header.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realone_player | * | |
| realnetworks | realplayer_intranet | * | |
| realnetworks | realplayer_intranet | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realone_player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB23A59-3C3E-42AF-8516-A6BF09D23ABF",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer_intranet:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAC6EBA2-7964-432D-883E-F894F6A44E84",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer_intranet:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "777C703D-70A6-4091-8C21-85587657BBA2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbitrary code via a header length value that exceeds the actual length of the header."
},
{
"lang": "es",
"value": "Desbordamiento del b\u00fafer en la aplicaci\u00f3n Real Networks RealPlayer 8.0 y versiones anteriores, permite a atacantes remotos ejecutar c\u00f3digo arbitrario usando un valor de longitud de cabecera que excede la longitud actual de cabecera."
}
],
"id": "CVE-2002-0207",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-05-16T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0044.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://online.securityfocus.com/archive/1/252414"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://online.securityfocus.com/archive/1/252425"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://sentinelchicken.com/advisories/realplayer/"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.iss.net/security_center/static/7839.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/3809"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0044.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://online.securityfocus.com/archive/1/252414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://online.securityfocus.com/archive/1/252425"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://sentinelchicken.com/advisories/realplayer/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.iss.net/security_center/static/7839.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/3809"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}