cvelistv5 - CVE-2006-0323

CVE-2006-0323 (GCVE-0-2006-0323)

Vulnerability from cvelistv5

Published

2006-03-23 23:00

Modified

2024-08-07 16:34

Severity ?

CWE

Summary

Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.

References

URL

Tags

cve@mitre.org	http://secunia.com/advisories/19358	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/19362	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/19365	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/19390	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/690
cve@mitre.org	http://securitytracker.com/id?1015806
cve@mitre.org	http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml	Patch, Vendor Advisory
cve@mitre.org	http://www.kb.cert.org/vuls/id/231028	Patch, Third Party Advisory, US Government Resource
cve@mitre.org	http://www.novell.com/linux/security/advisories/2006_18_realplayer.html	Patch, Vendor Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2006-0257.html	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/430621/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/17202	Exploit
cve@mitre.org	http://www.service.real.com/realplayer/security/03162006_player/en/	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2006/1057
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/25408
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19358	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19362	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19365	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19390	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/690
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015806
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/231028	Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2006_18_realplayer.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2006-0257.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/430621/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/17202	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.service.real.com/realplayer/security/03162006_player/en/	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/1057
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/25408

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:34:13.867Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.service.real.com/realplayer/security/03162006_player/en/"
          },
          {
            "name": "19358",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19358"
          },
          {
            "name": "SUSE-SA:2006:018",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_18_realplayer.html"
          },
          {
            "name": "19362",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19362"
          },
          {
            "name": "ADV-2006-1057",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1057"
          },
          {
            "name": "RHSA-2006:0257",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0257.html"
          },
          {
            "name": "690",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/690"
          },
          {
            "name": "19365",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19365"
          },
          {
            "name": "GLSA-200603-24",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml"
          },
          {
            "name": "1015806",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015806"
          },
          {
            "name": "17202",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17202"
          },
          {
            "name": "20060411 Realplayer .SWF Multiple Remote Memory Corruption Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/430621/100/0/threaded"
          },
          {
            "name": "realnetworks-swf-bo(25408)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25408"
          },
          {
            "name": "19390",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19390"
          },
          {
            "name": "VU#231028",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/231028"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-03-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.service.real.com/realplayer/security/03162006_player/en/"
        },
        {
          "name": "19358",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19358"
        },
        {
          "name": "SUSE-SA:2006:018",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_18_realplayer.html"
        },
        {
          "name": "19362",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19362"
        },
        {
          "name": "ADV-2006-1057",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1057"
        },
        {
          "name": "RHSA-2006:0257",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0257.html"
        },
        {
          "name": "690",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/690"
        },
        {
          "name": "19365",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19365"
        },
        {
          "name": "GLSA-200603-24",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml"
        },
        {
          "name": "1015806",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015806"
        },
        {
          "name": "17202",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17202"
        },
        {
          "name": "20060411 Realplayer .SWF Multiple Remote Memory Corruption Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/430621/100/0/threaded"
        },
        {
          "name": "realnetworks-swf-bo(25408)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25408"
        },
        {
          "name": "19390",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19390"
        },
        {
          "name": "VU#231028",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/231028"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0323",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.service.real.com/realplayer/security/03162006_player/en/",
              "refsource": "CONFIRM",
              "url": "http://www.service.real.com/realplayer/security/03162006_player/en/"
            },
            {
              "name": "19358",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19358"
            },
            {
              "name": "SUSE-SA:2006:018",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_18_realplayer.html"
            },
            {
              "name": "19362",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19362"
            },
            {
              "name": "ADV-2006-1057",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1057"
            },
            {
              "name": "RHSA-2006:0257",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0257.html"
            },
            {
              "name": "690",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/690"
            },
            {
              "name": "19365",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19365"
            },
            {
              "name": "GLSA-200603-24",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml"
            },
            {
              "name": "1015806",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015806"
            },
            {
              "name": "17202",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17202"
            },
            {
              "name": "20060411 Realplayer .SWF Multiple Remote Memory Corruption Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/430621/100/0/threaded"
            },
            {
              "name": "realnetworks-swf-bo(25408)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25408"
            },
            {
              "name": "19390",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19390"
            },
            {
              "name": "VU#231028",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/231028"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0323",
    "datePublished": "2006-03-23T23:00:00",
    "dateReserved": "2006-01-19T00:00:00",
    "dateUpdated": "2024-08-07T16:34:13.867Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-0323\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-03-23T23:06:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de buffer en swfformat.dll en m\u00faltiples productos y versiones RealNetworks incluyendo RealPlayer 10.x, RealOne Player, Rhapsody 3 y Helix Player permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo SWF (Flash) manipulado con (1) un valor de tama\u00f1o que es menor que el tama\u00f1o real o (2) otras manipulaciones no especificadas.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:helix_player:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B288E1C-4511-482A-B39D-E6BB9585AF18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realone_player:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5695A49-561F-434E-92AE-AEF13162BD78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:10.0:gold:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E6B49C-BDF7-41A8-A6B4-4AA1A47C87FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:10.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B857582E-8B1A-4ED4-8C0C-9D8D5BDD1E31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"348F3214-E5C2-4D39-916F-1B0263D13F40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:rhapsody:3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91156125-28D3-498A-9521-F748D9FA7FF7\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/19358\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/19362\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/19365\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/19390\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/690\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1015806\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/231028\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.novell.com/linux/security/advisories/2006_18_realplayer.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2006-0257.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/430621/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/17202\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.service.real.com/realplayer/security/03162006_player/en/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/1057\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/25408\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/19358\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/19362\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/19365\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/19390\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/690\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1015806\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/231028\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.novell.com/linux/security/advisories/2006_18_realplayer.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2006-0257.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/430621/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/17202\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.service.real.com/realplayer/security/03162006_player/en/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/1057\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/25408\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2006-AVI-127

Vulnerability from certfr_avis

Plusieurs vulnérabilités présentes dans des produits de RealNetworks permettent à un utilisateur malveillant de lancer une attaque par débordement de tampon et donc d'exécuter du code arbitraire sur la machine de l'utilisateur.

Description

Plusieurs vulnérabilités existent dans des produits multimédia RealNetworks, incluant RealPlayer, RealOne, Helix et Rhapsody. Elles peuvent être utilisées par une personne malveillante pour exécuter du code arbitraire sur la machine de l'utilisateur. Nous listons ci-dessous un rapide détail de trois d'entre elles :

Une erreur dans la manipulation des pages internet peut être utilisée par une personne malveillante pour effectuer un débordement de tampon et exécuter du code arbitraire.
Une erreur dans l'appel à la fonction CreateProcess() permet à un utilisateur local malveillant d'exécuter des programmes placés dans le même répertoire que celui d'un exécutable de RealNetworks.
Une erreur dans la manipulation de fichiers Flash Media SWF permet à un utilisateur malveillant d'effectuer un débordement de tampon et d'exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
N/A	N/A	RealOne Player v1
N/A	N/A	Rhapsody 3
N/A	N/A	RealOne Player v2
N/A	N/A	Helix Player 1.x
N/A	N/A	RealPlayer 8
N/A	N/A	RealPlayer Enterprise 1.x
N/A	N/A	RealPlayer 10.x

References

Title

Publication Time

RHSA-2006:0257

Vulnerability from csaf_redhat

Published

2006-03-22 20:29

Modified

2025-11-21 17:30

Summary

Red Hat Security Advisory: RealPlayer security update

Notes

Topic

An updated RealPlayer package that fixes a buffer overflow bug is now available for Red Hat Enterprise Linux Extras 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team.

Details

RealPlayer is a media player that provides media playback locally and via streaming. A buffer overflow bug was discovered in the way RealPlayer processes Flash Media (.swf) files. It is possible for a malformed Flash Media file to execute arbitrary code as the user running RealPlayer. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0323 to this issue. All users of RealPlayer are advised to upgrade to this updated package, which contains RealPlayer version 10.0.7 and is not vulnerable to this issue.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated RealPlayer package that fixes a buffer overflow bug is now\navailable for Red Hat Enterprise Linux Extras 3 and 4.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "RealPlayer is a media player that provides media playback locally and via\nstreaming.\n\nA buffer overflow bug was discovered in the way RealPlayer processes Flash\nMedia (.swf) files.  It is possible for a malformed Flash Media file to\nexecute arbitrary code as the user running RealPlayer.  The Common\nVulnerabilities and Exposures project assigned the name CVE-2006-0323 to\nthis issue.\n\nAll users of RealPlayer are advised to upgrade to this updated package,\nwhich contains RealPlayer version 10.0.7 and is not vulnerable to this issue.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2006:0257",
        "url": "https://access.redhat.com/errata/RHSA-2006:0257"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "183932",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=183932"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2006/rhsa-2006_0257.json"
      }
    ],
    "title": "Red Hat Security Advisory: RealPlayer security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:30:04+00:00",
      "generator": {
        "date": "2025-11-21T17:30:04+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2006:0257",
      "initial_release_date": "2006-03-22T20:29:00+00:00",
      "revision_history": [
        {
          "date": "2006-03-22T20:29:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2006-03-22T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:30:04+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 3 Extras",
                "product": {
                  "name": "Red Hat Desktop version 3 Extras",
                  "product_id": "Red Hat Desktop version 3 Extras",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 4 Extras",
                "product": {
                  "name": "Red Hat Desktop version 4 Extras",
                  "product_id": "Red Hat Desktop version 4 Extras",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2006-0323",
      "discovery_date": "2006-03-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617883"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Desktop version 3 Extras",
          "Red Hat Desktop version 4 Extras"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-0323"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617883",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617883"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-0323",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-0323"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-0323",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0323"
        }
      ],
      "release_date": "2006-03-22T20:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2006-03-22T20:29:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Desktop version 3 Extras",
            "Red Hat Desktop version 4 Extras"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2006:0257"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    }
  ]
}

rhsa-2006:0257

Vulnerability from csaf_redhat

Published

2006-03-22 20:29

Modified

2025-11-21 17:30

Summary

Red Hat Security Advisory: RealPlayer security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated RealPlayer package that fixes a buffer overflow bug is now\navailable for Red Hat Enterprise Linux Extras 3 and 4.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "RealPlayer is a media player that provides media playback locally and via\nstreaming.\n\nA buffer overflow bug was discovered in the way RealPlayer processes Flash\nMedia (.swf) files.  It is possible for a malformed Flash Media file to\nexecute arbitrary code as the user running RealPlayer.  The Common\nVulnerabilities and Exposures project assigned the name CVE-2006-0323 to\nthis issue.\n\nAll users of RealPlayer are advised to upgrade to this updated package,\nwhich contains RealPlayer version 10.0.7 and is not vulnerable to this issue.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2006:0257",
        "url": "https://access.redhat.com/errata/RHSA-2006:0257"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "183932",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=183932"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2006/rhsa-2006_0257.json"
      }
    ],
    "title": "Red Hat Security Advisory: RealPlayer security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:30:04+00:00",
      "generator": {
        "date": "2025-11-21T17:30:04+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2006:0257",
      "initial_release_date": "2006-03-22T20:29:00+00:00",
      "revision_history": [
        {
          "date": "2006-03-22T20:29:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2006-03-22T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:30:04+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 3 Extras",
                "product": {
                  "name": "Red Hat Desktop version 3 Extras",
                  "product_id": "Red Hat Desktop version 3 Extras",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 4 Extras",
                "product": {
                  "name": "Red Hat Desktop version 4 Extras",
                  "product_id": "Red Hat Desktop version 4 Extras",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2006-0323",
      "discovery_date": "2006-03-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617883"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Desktop version 3 Extras",
          "Red Hat Desktop version 4 Extras"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-0323"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617883",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617883"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-0323",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-0323"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-0323",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0323"
        }
      ],
      "release_date": "2006-03-22T20:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2006-03-22T20:29:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Desktop version 3 Extras",
            "Red Hat Desktop version 4 Extras"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2006:0257"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    }
  ]
}

rhsa-2006_0257

Vulnerability from csaf_redhat

Published

2006-03-22 20:29

Modified

2024-11-14 10:04

Summary

Red Hat Security Advisory: RealPlayer security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated RealPlayer package that fixes a buffer overflow bug is now\navailable for Red Hat Enterprise Linux Extras 3 and 4.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "RealPlayer is a media player that provides media playback locally and via\nstreaming.\n\nA buffer overflow bug was discovered in the way RealPlayer processes Flash\nMedia (.swf) files.  It is possible for a malformed Flash Media file to\nexecute arbitrary code as the user running RealPlayer.  The Common\nVulnerabilities and Exposures project assigned the name CVE-2006-0323 to\nthis issue.\n\nAll users of RealPlayer are advised to upgrade to this updated package,\nwhich contains RealPlayer version 10.0.7 and is not vulnerable to this issue.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2006:0257",
        "url": "https://access.redhat.com/errata/RHSA-2006:0257"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "183932",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=183932"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2006/rhsa-2006_0257.json"
      }
    ],
    "title": "Red Hat Security Advisory: RealPlayer security update",
    "tracking": {
      "current_release_date": "2024-11-14T10:04:01+00:00",
      "generator": {
        "date": "2024-11-14T10:04:01+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2006:0257",
      "initial_release_date": "2006-03-22T20:29:00+00:00",
      "revision_history": [
        {
          "date": "2006-03-22T20:29:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2006-03-22T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T10:04:01+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 3 Extras",
                "product": {
                  "name": "Red Hat Desktop version 3 Extras",
                  "product_id": "Red Hat Desktop version 3 Extras",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 4 Extras",
                "product": {
                  "name": "Red Hat Desktop version 4 Extras",
                  "product_id": "Red Hat Desktop version 4 Extras",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2006-0323",
      "discovery_date": "2006-03-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617883"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Desktop version 3 Extras",
          "Red Hat Desktop version 4 Extras"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-0323"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617883",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617883"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-0323",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-0323"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-0323",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0323"
        }
      ],
      "release_date": "2006-03-22T20:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2006-03-22T20:29:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Desktop version 3 Extras",
            "Red Hat Desktop version 4 Extras"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2006:0257"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    }
  ]
}

gsd-2006-0323

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2006-0323

Aliases

CVE-2006-0323

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-0323",
    "description": "Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.",
    "id": "GSD-2006-0323",
    "references": [
      "https://www.suse.com/security/cve/CVE-2006-0323.html",
      "https://access.redhat.com/errata/RHSA-2006:0257",
      "https://packetstormsecurity.com/files/cve/CVE-2006-0323"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-0323"
      ],
      "details": "Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.",
      "id": "GSD-2006-0323",
      "modified": "2023-12-13T01:19:50.836755Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-0323",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.service.real.com/realplayer/security/03162006_player/en/",
            "refsource": "CONFIRM",
            "url": "http://www.service.real.com/realplayer/security/03162006_player/en/"
          },
          {
            "name": "19358",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/19358"
          },
          {
            "name": "SUSE-SA:2006:018",
            "refsource": "SUSE",
            "url": "http://www.novell.com/linux/security/advisories/2006_18_realplayer.html"
          },
          {
            "name": "19362",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/19362"
          },
          {
            "name": "ADV-2006-1057",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/1057"
          },
          {
            "name": "RHSA-2006:0257",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0257.html"
          },
          {
            "name": "690",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/690"
          },
          {
            "name": "19365",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/19365"
          },
          {
            "name": "GLSA-200603-24",
            "refsource": "GENTOO",
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml"
          },
          {
            "name": "1015806",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1015806"
          },
          {
            "name": "17202",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/17202"
          },
          {
            "name": "20060411 Realplayer .SWF Multiple Remote Memory Corruption Vulnerabilities",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/430621/100/0/threaded"
          },
          {
            "name": "realnetworks-swf-bo(25408)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25408"
          },
          {
            "name": "19390",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/19390"
          },
          {
            "name": "VU#231028",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/231028"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:helix_player:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realone_player:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:10.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:10.0:gold:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:rhapsody:3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0323"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.service.real.com/realplayer/security/03162006_player/en/",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://www.service.real.com/realplayer/security/03162006_player/en/"
            },
            {
              "name": "1015806",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1015806"
            },
            {
              "name": "SUSE-SA:2006:018",
              "refsource": "SUSE",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2006_18_realplayer.html"
            },
            {
              "name": "17202",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/17202"
            },
            {
              "name": "19358",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/19358"
            },
            {
              "name": "GLSA-200603-24",
              "refsource": "GENTOO",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml"
            },
            {
              "name": "VU#231028",
              "refsource": "CERT-VN",
              "tags": [
                "Patch",
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/231028"
            },
            {
              "name": "19365",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/19365"
            },
            {
              "name": "19390",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/19390"
            },
            {
              "name": "RHSA-2006:0257",
              "refsource": "REDHAT",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0257.html"
            },
            {
              "name": "19362",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/19362"
            },
            {
              "name": "690",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/690"
            },
            {
              "name": "ADV-2006-1057",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/1057"
            },
            {
              "name": "realnetworks-swf-bo(25408)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25408"
            },
            {
              "name": "20060411 Realplayer .SWF Multiple Remote Memory Corruption Vulnerabilities",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/430621/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-19T15:44Z",
      "publishedDate": "2006-03-23T23:06Z"
    }
  }
}

fkie_cve-2006-0323

Vulnerability from fkie_nvd

Published

2006-03-23 23:06

Modified

2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/19358	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/19362	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/19365	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/19390	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/690
cve@mitre.org	http://securitytracker.com/id?1015806
cve@mitre.org	http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml	Patch, Vendor Advisory
cve@mitre.org	http://www.kb.cert.org/vuls/id/231028	Patch, Third Party Advisory, US Government Resource
cve@mitre.org	http://www.novell.com/linux/security/advisories/2006_18_realplayer.html	Patch, Vendor Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2006-0257.html	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/430621/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/17202	Exploit
cve@mitre.org	http://www.service.real.com/realplayer/security/03162006_player/en/	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2006/1057
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/25408
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19358	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19362	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19365	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19390	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/690
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015806
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/231028	Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2006_18_realplayer.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2006-0257.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/430621/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/17202	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.service.real.com/realplayer/security/03162006_player/en/	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/1057
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/25408

Impacted products

Vendor	Product	Version
realnetworks	helix_player	*
realnetworks	realone_player	*
realnetworks	realplayer	10.0
realnetworks	realplayer	10.0.6
realnetworks	realplayer	10.5
realnetworks	rhapsody	3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:realnetworks:helix_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B288E1C-4511-482A-B39D-E6BB9585AF18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realone_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5695A49-561F-434E-92AE-AEF13162BD78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:gold:*:*:*:*:*:*",
              "matchCriteriaId": "F1E6B49C-BDF7-41A8-A6B4-4AA1A47C87FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B857582E-8B1A-4ED4-8C0C-9D8D5BDD1E31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:rhapsody:3:*:*:*:*:*:*:*",
              "matchCriteriaId": "91156125-28D3-498A-9521-F748D9FA7FF7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer en swfformat.dll en m\u00faltiples productos y versiones RealNetworks incluyendo RealPlayer 10.x, RealOne Player, Rhapsody 3 y Helix Player permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo SWF (Flash) manipulado con (1) un valor de tama\u00f1o que es menor que el tama\u00f1o real o (2) otras manipulaciones no especificadas."
    }
  ],
  "id": "CVE-2006-0323",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-03-23T23:06:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19358"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19362"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19365"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19390"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/690"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1015806"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/231028"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.novell.com/linux/security/advisories/2006_18_realplayer.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0257.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/430621/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/17202"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.service.real.com/realplayer/security/03162006_player/en/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/1057"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25408"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19358"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19362"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19365"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19390"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/690"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1015806"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/231028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.novell.com/linux/security/advisories/2006_18_realplayer.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0257.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/430621/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/17202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.service.real.com/realplayer/security/03162006_player/en/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/1057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25408"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-cmx3-qq55-47x6

Vulnerability from github

Published

2022-05-01 06:38

Modified

2025-04-03 04:28

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-0323"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-03-23T23:06:00Z",
    "severity": "HIGH"
  },
  "details": "Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.",
  "id": "GHSA-cmx3-qq55-47x6",
  "modified": "2025-04-03T04:28:56Z",
  "published": "2022-05-01T06:38:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0323"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25408"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19358"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19362"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19365"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19390"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/690"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1015806"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/231028"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2006_18_realplayer.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0257.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/430621/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/17202"
    },
    {
      "type": "WEB",
      "url": "http://www.service.real.com/realplayer/security/03162006_player/en"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/1057"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2006-0323 (GCVE-0-2006-0323)

Vulnerability from cvelistv5

CERTA-2006-AVI-127

Vulnerability from certfr_avis

Description

Solution

RHSA-2006:0257

Vulnerability from csaf_redhat

rhsa-2006:0257

Vulnerability from csaf_redhat

rhsa-2006_0257

Vulnerability from csaf_redhat

gsd-2006-0323

Vulnerability from gsd

fkie_cve-2006-0323

Vulnerability from fkie_nvd

ghsa-cmx3-qq55-47x6

Vulnerability from github

Tags

Sightings

Nomenclature