Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2007-5601 | First vendor Publication | 2007-10-20 |
| Vendor | Cve | Last vendor Modification | 2017-07-29 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta, and earlier versions including 10, RealOne Player, and RealOne Player 2, allows remote attackers to execute arbitrary code via certain playlist names, as demonstrated via the import method to the IERPCtl ActiveX control in ierpplug.dll. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5601 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 3 |
SAINT Exploits
| Description | Link |
|---|---|
| RealPlayer ActiveX control playlist name buffer overflow | More info here |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 41430 | RealPlayer ActiveX (ierpplug.dll) Playlist Handling Overflow A buffer overflow exists in RealPlayer. The ierpplug.dll ActiveX control fails to validate playlist file names resulting in a stack overflow. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2016-03-14 | RealNetworks RealPlayer Import ActiveX clsid access attempt RuleID : 36496 - Revision : 2 - Type : BROWSER-PLUGINS |
| 2016-03-14 | RealNetworks RealPlayer Import ActiveX clsid access attempt RuleID : 36495 - Revision : 2 - Type : BROWSER-PLUGINS |
| 2014-01-10 | RealNetworks RealPlayer Import ActiveX clsid access attempt RuleID : 17425 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | RealNetworks RealPlayer Import ActiveX clsid access attempt RuleID : 16609 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | RealNetworks RealPlayer obfuscated Ierpplug.dll ActiveX exploit attempt RuleID : 12775 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | RealPlayer Ierpplug.dll ActiveX function call unicode access RuleID : 12663 - Revision : 7 - Type : WEB-ACTIVEX |
| 2014-01-10 | RealNetworks RealPlayer Ierpplug.dll ActiveX function call access RuleID : 10194 - Revision : 22 - Type : BROWSER-PLUGINS |
| 2014-01-10 | RealNetworks RealPlayer Ierpplug.dll ActiveX function call access RuleID : 10193 - Revision : 21 - Type : BROWSER-PLUGINS |
| 2014-01-10 | RealNetworks RealPlayer Ierpplug.dll ActiveX clsid access RuleID : 10192 - Revision : 25 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2007-10-23 | Name : The remote Windows host contains an application that is affected by a buffer ... File : realplayer_playlist_handling_overflow.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2021-05-04 12:06:34 |
|
| 2021-04-22 01:07:06 |
|
| 2020-05-23 13:16:49 |
|
| 2020-05-23 00:20:39 |
|
| 2017-07-29 12:02:38 |
|
| 2016-04-26 16:44:21 |
|
| 2014-02-17 10:42:17 |
|
| 2014-01-19 21:24:32 |
|
| 2013-05-11 10:39:58 |
|
