Executive Summary
Summary | |
---|---|
Title | RealPlayer playlist name stack buffer overflow |
Informations | |||
---|---|---|---|
Name | VU#871673 | First vendor Publication | 2007-10-20 |
Vendor | VU-CERT | Last vendor Modification | 2007-11-15 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#871673RealPlayer playlist name stack buffer overflowOverviewRealPlayer contains a stack buffer overflow in the handling of playlist names, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.I. DescriptionRealNetworks RealPlayer is a multimedia application that allows users to view local and remote audio/video content. The RealPlayer Database Component, which is provided by MPAMedia.dll, contains a stack buffer overflow in the handling of playlist names. The RealPlayer IERPCtl ActiveX control, which is provided by ierpplug.dll, can be used to import a local file into a specified playlist in RealPlayer. This can be used to trigger the buffer overflow vulnerability. The ActiveX control is present in RealPlayer version 9 (RealOne Player) and later.II. ImpactBy convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), a remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user on a vulnerable system.III. SolutionApply an updatePlease see the Security Update from RealNetworks. The update will provide newer versions of the RealPlayer Database Component for RealPlayer 10.5 and RealPlayer 11 beta. Users with RealOne Player, RealOne Player v2, or RealPlayer 10 should first update to RealPlayer 10.5 or later and then apply the security update.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{FDC7A535-4070-4B92-A0EA-D9994BCC0DC5}] "Compatibility Flags"=dword:00000400 Disabling ActiveX controls in the Internet Zone (or any zone used by an attacker) appears to prevent exploitation of this and other ActiveX vulnerabilities. Instructions for disabling ActiveX in the Internet Zone can be found in the "Securing Your Web Browser" document. Systems Affected
Referenceshttp://www.cert.org/tech_tips/securing_browser/#Internet_Explorer This vulnerability was analyzed and confirmed by US-CERT on October 13, 2007. This document was written by Will Dormann.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/871673 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
SAINT Exploits
Description | Link |
---|---|
RealPlayer ActiveX control playlist name buffer overflow | More info here |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
41430 | RealPlayer ActiveX (ierpplug.dll) Playlist Handling Overflow A buffer overflow exists in RealPlayer. The ierpplug.dll ActiveX control fails to validate playlist file names resulting in a stack overflow. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
Snort® IPS/IDS
Date | Description |
---|---|
2016-03-14 | RealNetworks RealPlayer Import ActiveX clsid access attempt RuleID : 36496 - Revision : 2 - Type : BROWSER-PLUGINS |
2016-03-14 | RealNetworks RealPlayer Import ActiveX clsid access attempt RuleID : 36495 - Revision : 2 - Type : BROWSER-PLUGINS |
2014-01-10 | RealNetworks RealPlayer Import ActiveX clsid access attempt RuleID : 17425 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | RealNetworks RealPlayer Import ActiveX clsid access attempt RuleID : 16609 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | RealNetworks RealPlayer obfuscated Ierpplug.dll ActiveX exploit attempt RuleID : 12775 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | RealPlayer Ierpplug.dll ActiveX function call unicode access RuleID : 12663 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | RealNetworks RealPlayer Ierpplug.dll ActiveX function call access RuleID : 10194 - Revision : 22 - Type : BROWSER-PLUGINS |
2014-01-10 | RealNetworks RealPlayer Ierpplug.dll ActiveX function call access RuleID : 10193 - Revision : 21 - Type : BROWSER-PLUGINS |
2014-01-10 | RealNetworks RealPlayer Ierpplug.dll ActiveX clsid access RuleID : 10192 - Revision : 25 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-10-23 | Name : The remote Windows host contains an application that is affected by a buffer ... File : realplayer_playlist_handling_overflow.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:08:14 |
|