Executive Summary
Summary | |
---|---|
Title | RealPlayer file deletion overflow vulnerability |
Information | |||
---|---|---|---|
Name | VU#461187 | First vendor Publication | 2008-07-28 |
Vendor | VU-CERT | Last vendor Modification | 2008-07-28 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Vulnerability Note VU#461187
RealPlayer file deletion overflow vulnerability
Overview
RealPlayer contains a buffer overflow vulnerability that may allow an attacker to execute code on a vulnerable system.
I. Description
RealPlayer is a media player that is distributed by RealNetworks. RealPlayer supports streaming and local media.
Per the Zero Day Initiative advisory ZDI-08-046:
II. Impact
By convincing a user to visit a website, a remote attacker may be able to execute arbitrary code.
III. Solution
Upgrade
RealPlayer updates for multiple operating systems are available on the RealNetworks support site. Users are encouraged to apply updates as soon as possible.
References
Thanks to ZDI for information that was used in this report. This document was written by Ryan Giobbi.
Original Source
Url : http://www.kb.cert.org/vuls/id/461187 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 |
SAINT Exploits
Description | Link |
---|---|
RealPlayer rjbdll.dll ActiveX Control file import buffer overflow | More info here |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
48286 | RealPlayer rjbdll.dll ActiveX Media Library File Deletion Overflow |
Snort® IPS/IDS
Date | Description |
---|---|
2016-03-14 | RealNetworks RealPlayer Import ActiveX clsid access attempt RuleID : 36496 - Revision : 2 - Type : BROWSER-PLUGINS |
2016-03-14 | RealNetworks RealPlayer Import ActiveX clsid access attempt RuleID : 36495 - Revision : 2 - Type : BROWSER-PLUGINS |
2014-01-10 | RealNetworks RealPlayer Import ActiveX clsid access attempt RuleID : 17425 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | RealNetworks RealPlayer Import ActiveX clsid access attempt RuleID : 16609 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | RealPlayer Ierpplug.dll ActiveX function call unicode access RuleID : 12663 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | RealNetworks RealPlayer Ierpplug.dll ActiveX function call access RuleID : 10194 - Revision : 22 - Type : BROWSER-PLUGINS |
2014-01-10 | RealNetworks RealPlayer Ierpplug.dll ActiveX function call access RuleID : 10193 - Revision : 21 - Type : BROWSER-PLUGINS |
2014-01-10 | RealNetworks RealPlayer Ierpplug.dll ActiveX clsid access RuleID : 10192 - Revision : 25 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-07-28 | Name : The remote Windows application is affected by at least one security vulnerabi... File : realplayer_6_0_14_806.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2013-05-11 00:57:06 |