CVE-2007-5601

Published Oct 20, 2007

Last updated 7 years ago

Overview

Description: Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta, and earlier versions including 10, RealOne Player, and RealOne Player 2, allows remote attackers to execute arbitrary code via certain playlist names, as demonstrated via the import method to the IERPCtl ActiveX control in ierpplug.dll.
Source: cret@cert.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Vendor comments

Red HatNot vulnerable. This issue did not affect versions of RealPlayer as shipped with Red Hat Enterprise Linux 3 and 4 Extras or with Red Hat Enterprise Linux 5 Supplementary.

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232"
          },
          {
            "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40"
          },
          {
            "criteria": "cpe:2.3:a:realnetworks:realplayer:11_beta:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64C3CD7C-9CD8-4BC3-9ECE-CE39FB02E602"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Vendor comments

Configurations

References