CVE-2007-2264

Published Oct 31, 2007

Last updated 6 years ago

Overview

Description
Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA header.
Source
cve@mitre.org
NVD status
Modified

Risk scores

CVSS 2.0

Type
Primary
Base score
9.3
Impact score
10
Exploitability score
8.6
Vector string
AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov
CWE-119

Social media

Hype score
Not currently trending

Vendor comments

  • Red HatThis issue was fixed in RealPlayer for Red Hat Enterprise Linux 3 Extras, 4 Extras, 5 Supplementary by RHSA-2007:0841 on 17th August 2007: http://rhn.redhat.com/errata/RHSA-2007-0841.html)on (Our original advisory did not mention this issue was fixed as the details of the issue were not made public by RealNetworks until 25th October 2007)

Configurations