9.3 - CVE-2005-2922

Executive Summary

Informations
Name	CVE-2005-2922	First vendor Publication	2005-12-31
Vendor	Cve	Last vendor Modification	2017-10-11

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2922

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11444

Oval ID:	oval:org.mitre.oval:def:11444
Title:	Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header.
Description:	Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2005-2922	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND HelixPlayer is earlier than 1:1.0.6-0.EL4.1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Realnetworks Helix Player cpe:2.3:a:realnetworks:helix_player:10.0.6::linux::::: cpe:2.3:a:realnetworks:helix_player:10.0.5::linux::::: cpe:2.3:a:realnetworks:helix_player:10.0.4::linux::::: cpe:2.3:a:realnetworks:helix_player:10.0.3::linux::::: cpe:2.3:a:realnetworks:helix_player:10.0.2::linux::::: cpe:2.3:a:realnetworks:helix_player:10.0.1::linux::::: cpe:2.3:a:realnetworks:helix_player:10.0::linux:::::	7
Application	Realnetworks Realone Player cpe:2.3:a:realnetworks:realone_player:2.0:::::::* cpe:2.3:a:realnetworks:realone_player:1.0:::::::* cpe:2.3:a:realnetworks:realone_player:0.297::mac_os_x::::: cpe:2.3:a:realnetworks:realone_player:0.288::mac_os_x::::: cpe:2.3:a:realnetworks:realone_player::::::::	5
Application	Realnetworks Realplayer cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1235:::::::* cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1069:::::::* cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1059:::::::* cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1056:::::::* cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1053:::::::* cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:::::::* cpe:2.3:a:realnetworks:realplayer:10.5:::::::* cpe:2.3:a:realnetworks:realplayer:10.0.6::linux::::: cpe:2.3:a:realnetworks:realplayer:10.0.5::linux::::: cpe:2.3:a:realnetworks:realplayer:10.0.4::linux::::: cpe:2.3:a:realnetworks:realplayer:10.0.3::linux::::: cpe:2.3:a:realnetworks:realplayer:10.0.2::linux::::: cpe:2.3:a:realnetworks:realplayer:10.0.1::linux::::: cpe:2.3:a:realnetworks:realplayer:10.0.0.331::mac_os::::: cpe:2.3:a:realnetworks:realplayer:10.0.0.305::mac_os::::: cpe:2.3:a:realnetworks:realplayer:10.0:::::::* cpe:2.3:a:realnetworks:realplayer:8.0::win32::::: cpe:2.3:a:realnetworks:realplayer:::enterprise:::::*	18
Application	Realnetworks Rhapsody cpe:2.3:a:realnetworks:rhapsody:3.0_build_0.815:::::::* cpe:2.3:a:realnetworks:rhapsody:3.0:::::::*	2

SAINT Exploits

Description	Link
RealPlayer invalid chunk header heap overflow	More info here

OpenVAS Exploits

Date	Description
2008-09-04	Name : FreeBSD Ports: linux-realplayer File : nvt/freebsd_linux-realplayer3.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
24062	RealNetworks Multiple Products Web Page Embedded Player Content Overflow

Snort® IPS/IDS

Date	Description
2014-01-10	RealNetworks RealPlayer invalid chunk size heap overflow attempt RuleID : 17666 - Revision : 13 - Type : FILE-MULTIMEDIA
2014-01-10	Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt RuleID : 15462 - Revision : 20 - Type : BROWSER-OTHER

Nessus® Vulnerability Scanner

Date	Description
2013-01-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-762.nasl - Type : ACT_GATHER_INFO
2007-01-08	Name : The remote CentOS host is missing a security update. File : centos_RHSA-2005-788.nasl - Type : ACT_GATHER_INFO
2006-05-13	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_fe4c84fcbdb511dab7d400123ffe8333.nasl - Type : ACT_GATHER_INFO
2006-03-27	Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2006_018.nasl - Type : ACT_GATHER_INFO
2006-03-24	Name : The remote Windows application is affected by several issues. File : realplayer_6_0_12_1483.nasl - Type : ACT_GATHER_INFO
2005-10-05	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-788.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/17202
CERT-VN	http://www.kb.cert.org/vuls/id/172489
CONFIRM	http://www.service.real.com/realplayer/security/03162006_player/en/
OVAL	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT	http://www.redhat.com/support/errata/RHSA-2005-762.html http://www.redhat.com/support/errata/RHSA-2005-788.html
SECTRACK	http://securitytracker.com/id?1015808
SECUNIA	http://secunia.com/advisories/19358 http://secunia.com/advisories/19365
SUSE	http://www.novell.com/linux/security/advisories/2006_18_realplayer.html
VUPEN	http://www.vupen.com/english/advisories/2006/1057
XF	https://exchange.xforce.ibmcloud.com/vulnerabilities/25409

Alert History

If you want to see full details history, please login or register.

Date	Informations
2021-05-04 12:03:10	Multiple Updates
2021-04-22 01:03:27	Multiple Updates
2020-05-23 00:16:49	Multiple Updates
2017-10-11 09:23:34	Multiple Updates
2017-07-11 12:02:00	Multiple Updates
2016-04-26 13:48:18	Multiple Updates
2014-02-17 10:32:52	Multiple Updates
2014-01-19 21:22:55	Multiple Updates
2013-05-11 11:31:29	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	1
CPE ID(s)	32
Sources(s)	12
Saint Exploit(s)	1
osvdb(s)	1
Openvas Exploit(s)	1
Snort® Rule(s)	2
Nessus® Exploit(s)	6

	Related
9.3	RHSA-2005:788
9.3	RHSA-2005:762
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)