Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2008-AVI-378
Vulnerability from certfr_avis
Plusieurs vulnérabilités affectant RealPlayer sur différentes plateformes ont été corrigées.
Description
Quatre vulnérabilités affectant RealPlayer ont été corrigées par la dernière mise à jour. Deux concernent l'ActiveX associé au lecteur multimédia alors qu'une autre est présente lors de la lecture de fichier SFW. La dernière, non documentée, permet un dépassement de mémoire.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Les versions antérieures aux suivantes sont vulnérables :
- RealPlayer pour Windows 11.0.3 build 6.0.14.806 ;
- RealPlayer pour Windows Vista 10.5 build 6.0.12.1675 ;
- RealPlayer pour Mac 11 ;
- RealPlayer pour Linux 11.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eLes versions ant\u00e9rieures aux suivantes sont vuln\u00e9rables : \u003cUL\u003e \u003cLI\u003eRealPlayer pour Windows 11.0.3 build 6.0.14.806 ;\u003c/LI\u003e \u003cLI\u003eRealPlayer pour Windows Vista 10.5 build 6.0.12.1675 ;\u003c/LI\u003e \u003cLI\u003eRealPlayer pour Mac 11 ;\u003c/LI\u003e \u003cLI\u003eRealPlayer pour Linux 11.\u003c/LI\u003e \u003c/UL\u003e\u003c/p\u003e",
"content": "## Description\n\nQuatre vuln\u00e9rabilit\u00e9s affectant RealPlayer ont \u00e9t\u00e9 corrig\u00e9es par la\nderni\u00e8re mise \u00e0 jour. Deux concernent l\u0027ActiveX associ\u00e9 au lecteur\nmultim\u00e9dia alors qu\u0027une autre est pr\u00e9sente lors de la lecture de fichier\nSFW. La derni\u00e8re, non document\u00e9e, permet un d\u00e9passement de m\u00e9moire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-3064",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3064"
},
{
"name": "CVE-2008-3066",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3066"
},
{
"name": "CVE-2008-1309",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1309"
},
{
"name": "CVE-2007-5400",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5400"
}
],
"initial_release_date": "2008-07-28T00:00:00",
"last_revision_date": "2008-07-28T00:00:00",
"links": [],
"reference": "CERTA-2008-AVI-378",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-07-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectant RealPlayer sur diff\u00e9rentes\nplateformes ont \u00e9t\u00e9 corrig\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans RealPlayer",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de mise \u00e0 jour de RealPlayer du 25 juillet 2008",
"url": "http://service.real.com/realplayer/security/07252008_player/en"
}
]
}
CVE-2008-1309 (GCVE-0-2008-1309)
Vulnerability from cvelistv5
Published
2008-03-12 17:00
Modified
2024-08-07 08:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:33.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "realplayer-realaudioobjects-code-execution(41087)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41087"
},
{
"name": "ADV-2008-2194",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2194/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/realplayer/security/07252008_player/en/"
},
{
"name": "29315",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29315"
},
{
"name": "20080310 Real Networks RealPlayer ActiveX Control Heap Corruption",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-March/060659.html"
},
{
"name": "1019576",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019576"
},
{
"name": "5332",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5332"
},
{
"name": "ADV-2008-0842",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0842"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-047/"
},
{
"name": "VU#831457",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/831457"
},
{
"name": "20080725 ZDI-08-047: RealNetworks RealPlayer rmoc3260 ActiveX Control Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494779/100/0/threaded"
},
{
"name": "1020563",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020563"
},
{
"name": "28157",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28157"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "realplayer-realaudioobjects-code-execution(41087)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41087"
},
{
"name": "ADV-2008-2194",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2194/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/realplayer/security/07252008_player/en/"
},
{
"name": "29315",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29315"
},
{
"name": "20080310 Real Networks RealPlayer ActiveX Control Heap Corruption",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-March/060659.html"
},
{
"name": "1019576",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019576"
},
{
"name": "5332",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5332"
},
{
"name": "ADV-2008-0842",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0842"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-047/"
},
{
"name": "VU#831457",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/831457"
},
{
"name": "20080725 ZDI-08-047: RealNetworks RealPlayer rmoc3260 ActiveX Control Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494779/100/0/threaded"
},
{
"name": "1020563",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020563"
},
{
"name": "28157",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28157"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "realplayer-realaudioobjects-code-execution(41087)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41087"
},
{
"name": "ADV-2008-2194",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2194/references"
},
{
"name": "http://service.real.com/realplayer/security/07252008_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/07252008_player/en/"
},
{
"name": "29315",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29315"
},
{
"name": "20080310 Real Networks RealPlayer ActiveX Control Heap Corruption",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-March/060659.html"
},
{
"name": "1019576",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019576"
},
{
"name": "5332",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5332"
},
{
"name": "ADV-2008-0842",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0842"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-047/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-047/"
},
{
"name": "VU#831457",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/831457"
},
{
"name": "20080725 ZDI-08-047: RealNetworks RealPlayer rmoc3260 ActiveX Control Memory Corruption Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494779/100/0/threaded"
},
{
"name": "1020563",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020563"
},
{
"name": "28157",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28157"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1309",
"datePublished": "2008-03-12T17:00:00",
"dateReserved": "2008-03-12T00:00:00",
"dateUpdated": "2024-08-07T08:17:33.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5400 (GCVE-0-2007-5400)
Vulnerability from cvelistv5
Published
2008-07-28 17:00
Modified
2024-08-07 15:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the Shockwave Flash (SWF) frame handling in RealNetworks RealPlayer 10.5 Build 6.0.12.1483 might allow remote attackers to execute arbitrary code via a crafted SWF file.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:31:58.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4048",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4048"
},
{
"name": "realplayer-swf-frame-bo(43996)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43996"
},
{
"name": "ADV-2008-2194",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2194/references"
},
{
"name": "31321",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31321"
},
{
"name": "20080725 Secunia Research: RealPlayer SWF Frame Handling Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494749/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/realplayer/security/07252008_player/en/"
},
{
"name": "1020562",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020562"
},
{
"name": "27620",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27620"
},
{
"name": "RHSA-2008:0812",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0812.html"
},
{
"name": "30370",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30370"
},
{
"name": "VU#298651",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/298651"
},
{
"name": "SUSE-SR:2009:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2007-93/advisory/"
},
{
"name": "35416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35416"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the Shockwave Flash (SWF) frame handling in RealNetworks RealPlayer 10.5 Build 6.0.12.1483 might allow remote attackers to execute arbitrary code via a crafted SWF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "4048",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4048"
},
{
"name": "realplayer-swf-frame-bo(43996)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43996"
},
{
"name": "ADV-2008-2194",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2194/references"
},
{
"name": "31321",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31321"
},
{
"name": "20080725 Secunia Research: RealPlayer SWF Frame Handling Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494749/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/realplayer/security/07252008_player/en/"
},
{
"name": "1020562",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020562"
},
{
"name": "27620",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27620"
},
{
"name": "RHSA-2008:0812",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0812.html"
},
{
"name": "30370",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30370"
},
{
"name": "VU#298651",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/298651"
},
{
"name": "SUSE-SR:2009:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2007-93/advisory/"
},
{
"name": "35416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35416"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2007-5400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the Shockwave Flash (SWF) frame handling in RealNetworks RealPlayer 10.5 Build 6.0.12.1483 might allow remote attackers to execute arbitrary code via a crafted SWF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4048",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4048"
},
{
"name": "realplayer-swf-frame-bo(43996)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43996"
},
{
"name": "ADV-2008-2194",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2194/references"
},
{
"name": "31321",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31321"
},
{
"name": "20080725 Secunia Research: RealPlayer SWF Frame Handling Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494749/100/0/threaded"
},
{
"name": "http://service.real.com/realplayer/security/07252008_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/07252008_player/en/"
},
{
"name": "1020562",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020562"
},
{
"name": "27620",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27620"
},
{
"name": "RHSA-2008:0812",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0812.html"
},
{
"name": "30370",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30370"
},
{
"name": "VU#298651",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/298651"
},
{
"name": "SUSE-SR:2009:011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name": "http://secunia.com/secunia_research/2007-93/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2007-93/advisory/"
},
{
"name": "35416",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35416"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2007-5400",
"datePublished": "2008-07-28T17:00:00",
"dateReserved": "2007-10-12T00:00:00",
"dateUpdated": "2024-08-07T15:31:58.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3064 (GCVE-0-2008-3064)
Vulnerability from cvelistv5
Published
2008-07-28 17:00
Modified
2024-08-07 09:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 has unknown impact and attack vectors, probably related to accessing local files, aka a "Local resource reference vulnerability."
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:34.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-2194",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2194/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/realplayer/security/07252008_player/en/"
},
{
"name": "20080730 RealNetworks RealPlayer ActiveX Illegal Resource Reference Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494934/100/0/threaded"
},
{
"name": "realplayer-resourcereference-unspecified(44014)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44014"
},
{
"name": "1020564",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020564"
},
{
"name": "30378",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30378"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 has unknown impact and attack vectors, probably related to accessing local files, aka a \"Local resource reference vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-2194",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2194/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/realplayer/security/07252008_player/en/"
},
{
"name": "20080730 RealNetworks RealPlayer ActiveX Illegal Resource Reference Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494934/100/0/threaded"
},
{
"name": "realplayer-resourcereference-unspecified(44014)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44014"
},
{
"name": "1020564",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020564"
},
{
"name": "30378",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30378"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 has unknown impact and attack vectors, probably related to accessing local files, aka a \"Local resource reference vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-2194",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2194/references"
},
{
"name": "http://service.real.com/realplayer/security/07252008_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/07252008_player/en/"
},
{
"name": "20080730 RealNetworks RealPlayer ActiveX Illegal Resource Reference Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494934/100/0/threaded"
},
{
"name": "realplayer-resourcereference-unspecified(44014)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44014"
},
{
"name": "1020564",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020564"
},
{
"name": "30378",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30378"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3064",
"datePublished": "2008-07-28T17:00:00",
"dateReserved": "2008-07-07T00:00:00",
"dateUpdated": "2024-08-07T09:21:34.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3066 (GCVE-0-2008-3066)
Vulnerability from cvelistv5
Published
2008-07-28 17:00
Modified
2024-08-07 09:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in a certain ActiveX control in rjbdll.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 allows remote attackers to execute arbitrary code by importing a file into a media library and then deleting this file.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:35.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080725 http://www.zerodayinitiative.com/advisories/ZDI-08-046",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494778/100/0/threaded"
},
{
"name": "ADV-2008-2194",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2194/references"
},
{
"name": "VU#461187",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/461187"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/realplayer/security/07252008_player/en/"
},
{
"name": "1020565",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020565"
},
{
"name": "30379",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30379"
},
{
"name": "30376",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30376"
},
{
"name": "realplayer-rjbdll-activex-bo(44013)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44013"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-046/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in a certain ActiveX control in rjbdll.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 allows remote attackers to execute arbitrary code by importing a file into a media library and then deleting this file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080725 http://www.zerodayinitiative.com/advisories/ZDI-08-046",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494778/100/0/threaded"
},
{
"name": "ADV-2008-2194",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2194/references"
},
{
"name": "VU#461187",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/461187"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/realplayer/security/07252008_player/en/"
},
{
"name": "1020565",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020565"
},
{
"name": "30379",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30379"
},
{
"name": "30376",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30376"
},
{
"name": "realplayer-rjbdll-activex-bo(44013)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44013"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-046/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in a certain ActiveX control in rjbdll.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 allows remote attackers to execute arbitrary code by importing a file into a media library and then deleting this file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080725 http://www.zerodayinitiative.com/advisories/ZDI-08-046",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494778/100/0/threaded"
},
{
"name": "ADV-2008-2194",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2194/references"
},
{
"name": "VU#461187",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/461187"
},
{
"name": "http://service.real.com/realplayer/security/07252008_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/07252008_player/en/"
},
{
"name": "1020565",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020565"
},
{
"name": "30379",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30379"
},
{
"name": "30376",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30376"
},
{
"name": "realplayer-rjbdll-activex-bo(44013)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44013"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-046/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-046/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3066",
"datePublished": "2008-07-28T17:00:00",
"dateReserved": "2008-07-07T00:00:00",
"dateUpdated": "2024-08-07T09:21:35.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…