CVE-2007-5081

Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a crafted RM file.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://service.real.com/realplayer/security/10252007_player/en/	Patch
http://www.attrition.org/pipermail/vim/2007-October/001841.html
http://www.securityfocus.com/bid/26214
http://securitytracker.com/id?1018866
http://secunia.com/advisories/27361	Patch Vendor Advisory
http://osvdb.org/38340
http://www.vupen.com/english/advisories/2007/3628	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/37435
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11625

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:realnetworks:realplayer:10.0:10.0.0.331:mac:::::*
	cpe:2.3:a:realnetworks:realplayer:10.0:10.0.0.352:mac:::::*
	cpe:2.3:a:realnetworks:realplayer:10.0:10.0.5:linux:::::*
	cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1040:windows:::::*
	cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1578:windows:::::*
	cpe:2.3:a:realnetworks:realone_player:::mac:en::::
	cpe:2.3:a:realnetworks:realplayer:10.0:10.0.6:linux:::::*
	cpe:2.3:a:realnetworks:realplayer:10.0:10.0.7:linux:::::*
	cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1698:windows:::::*
	cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1741:windows:::::*
	cpe:2.3:a:realnetworks:realplayer:10.0::windows:::::
	cpe:2.3:a:realnetworks:realone_player:2.0::windows:::::
	cpe:2.3:a:realnetworks:realplayer:10.0:10.0.9:linux:::::*
	cpe:2.3:a:realnetworks:realplayer:8.0:::::::*
	cpe:2.3:a:realnetworks:realone_player:1.0::windows:en::::*
	cpe:2.3:a:realnetworks:realplayer_enterprise:::windows:en::::
	cpe:2.3:a:realnetworks:realplayer:10.1:10.0.0.396:mac:::::*
	cpe:2.3:a:realnetworks:realplayer:10.0:10.0.8:linux:::::*
	cpe:2.3:a:realnetworks:realplayer:10.0:10.0.0.305:mac:::::*
	cpe:2.3:a:realnetworks:realplayer:10.1:10.0.0.412:mac:::::*

Information

Published : 2007-10-31 10:46

Updated : 2017-09-28 18:29

NVD link : CVE-2007-5081

Mitre link : CVE-2007-5081

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

realnetworks

realplayer_enterprise
realone_player
realplayer

9.3 /10