CVE-2007-5081

Published Oct 31, 2007

Last updated 7 years ago

Overview

Description: Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a crafted RM file.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Vendor comments

Red HatThis issue was fixed in RealPlayer for Red Hat Enterprise Linux 3 Extras, 4 Extras, 5 Supplementary by RHSA-2007:0841 on 17th August 2007: http://rhn.redhat.com/errata/RHSA-2007-0841.html)on (Our original advisory did not mention this issue was fixed as the details of the issue were not made public by RealNetworks until 25th October 2007)

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:realnetworks:realone_player:*:*:mac:en:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E42CFE29-8AF0-4FAE-88FD-4E2D373FE16D"
          },
          {
            "criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:windows:en:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "880F633E-3833-4E07-91AE-F11E77DC3AF4"
          },
          {
            "criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:windows:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72F332E7-13EA-447D-8116-7CD404120040"
          },
          {
            "criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E6051B4-1B15-44C0-B2CD-5504E68C60F2"
          },
          {
            "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:windows:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15FABF57-B77B-49FF-BEAF-1E0D6BD4B66F"
          },
          {
            "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.0.305:mac:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "995983E3-6968-4071-A3E7-BC84800894C9"
          },
          {
            "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.0.331:mac:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D5A55EF-BFC7-4703-B115-910DC8338733"
          },
          {
            "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.0.352:mac:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4FE917E-31A3-4065-B723-FACECEB1BEB8"
          },
          {
            "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.5:linux:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28F3DFCA-C0E8-43FC-B313-7E21978AE481"
          },
          {
            "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.6:linux:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A874D31-8FDB-456C-ABF8-94F812DD1B67"
          },
          {
            "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.7:linux:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB81B184-CD30-42DD-8BA6-BED303BF6377"
          },
          {
            "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.8:linux:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F62E12E0-D806-40F4-8779-18679572AD04"
          },
          {
            "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:10.0.9:linux:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5567F40F-B04C-4866-A7B2-C796AAA0CE86"
          },
          {
            "criteria": "cpe:2.3:a:realnetworks:realplayer:10.1:10.0.0.396:mac:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84E4F874-E9A5-40F1-82CF-5C2E4749DF6C"
          },
          {
            "criteria": "cpe:2.3:a:realnetworks:realplayer:10.1:10.0.0.412:mac:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EBC0DDE6-356C-4EE7-83E1-7EF5A0C5A751"
          },
          {
            "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1040:windows:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB3CC6D6-334F-4F9C-8A5C-7EC3DCACEC50"
          },
          {
            "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1578:windows:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "414712E9-6901-4D33-B970-36CC238D4257"
          },
          {
            "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1698:windows:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35AAD3FF-B70E-46CB-A3C1-34B2412EE6EC"
          },
          {
            "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1741:windows:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA78969A-CBAE-4B67-96E7-F7EC9FD78E38"
          },
          {
            "criteria": "cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:windows:en:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9BA3DF0-9785-4F70-A9A3-38F657B52AA7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Vendor comments

Configurations

References