**CentOS Errata and Security Advisory** CESA-2005:788
HelixPlayer is a media player.
A format string bug was discovered in the way HelixPlayer processes RealPix
(.rp) files. It is possible for a malformed RealPix file to execute
arbitrary code as the user running HelixPlayer. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2710
to this issue.
All users of HelixPlayer are advised to upgrade to this updated package,
which contains HelixPlayer version 10.0.6 and is not vulnerable to this issue.
**Merged security bulletin from advisories:**
https://lists.centos.org/pipermail/centos-announce/2005-September/074369.html
https://lists.centos.org/pipermail/centos-announce/2005-September/074370.html
**Affected packages:**
HelixPlayer
**Upstream details at:**
https://access.redhat.com/errata/RHSA-2005:788
{"redhat": [{"lastseen": "2021-10-21T04:43:59", "description": "HelixPlayer is a media player.\r\n\r\nA format string bug was discovered in the way HelixPlayer processes RealPix\r\n(.rp) files. It is possible for a malformed RealPix file to execute\r\narbitrary code as the user running HelixPlayer. The Common Vulnerabilities\r\nand Exposures project (cve.mitre.org) has assigned the name CAN-2005-2710\r\nto this issue.\r\n\r\nAll users of HelixPlayer are advised to upgrade to this updated package,\r\nwhich contains HelixPlayer version 10.0.6 and is not vulnerable to this issue.", "cvss3": {}, "published": "2005-09-27T00:00:00", "type": "redhat", "title": "(RHSA-2005:788) HelixPlayer security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2629", "CVE-2005-2710", "CVE-2005-2922"], "modified": "2017-09-08T08:16:41", "id": "RHSA-2005:788", "href": "https://access.redhat.com/errata/RHSA-2005:788", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T04:43:00", "description": "RealPlayer is a media player that provides media playback locally and\r\nvia streaming.\r\n\r\nA format string bug was discovered in the way RealPlayer processes RealPix\r\n(.rp) files. It is possible for a malformed RealPix file to execute\r\narbitrary code as the user running RealPlayer. The Common Vulnerabilities\r\nand Exposures project (cve.mitre.org) has assigned the name CAN-2005-2710\r\nto this issue.\r\n\r\nAll users of RealPlayer are advised to upgrade to this updated package,\r\nwhich contains RealPlayer version 10.0.6 and is not vulnerable to this issue.", "cvss3": {}, "published": "2005-09-27T00:00:00", "type": "redhat", "title": "(RHSA-2005:762) RealPlayer security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2629", "CVE-2005-2710", "CVE-2005-2922"], "modified": "2018-05-26T00:26:19", "id": "RHSA-2005:762", "href": "https://access.redhat.com/errata/RHSA-2005:762", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-11-28T14:54:57", "description": "An updated HelixPlayer package that fixes a string format issue is now available.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nHelixPlayer is a media player.\n\nA format string bug was discovered in the way HelixPlayer processes RealPix (.rp) files. It is possible for a malformed RealPix file to execute arbitrary code as the user running HelixPlayer. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2710 to this issue.\n\nAll users of HelixPlayer are advised to upgrade to this updated package, which contains HelixPlayer version 10.0.6 and is not vulnerable to this issue.", "cvss3": {}, "published": "2005-10-05T00:00:00", "type": "nessus", "title": "RHEL 4 : HelixPlayer (RHSA-2005:788)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2629", "CVE-2005-2710", "CVE-2005-2922"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:helixplayer", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2005-788.NASL", "href": "https://www.tenable.com/plugins/nessus/19836", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:788. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19836);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-2629\", \"CVE-2005-2710\", \"CVE-2005-2922\");\n script_xref(name:\"RHSA\", value:\"2005:788\");\n\n script_name(english:\"RHEL 4 : HelixPlayer (RHSA-2005:788)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated HelixPlayer package that fixes a string format issue is now\navailable.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nHelixPlayer is a media player.\n\nA format string bug was discovered in the way HelixPlayer processes\nRealPix (.rp) files. It is possible for a malformed RealPix file to\nexecute arbitrary code as the user running HelixPlayer. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-2710 to this issue.\n\nAll users of HelixPlayer are advised to upgrade to this updated\npackage, which contains HelixPlayer version 10.0.6 and is not\nvulnerable to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:788\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected HelixPlayer package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:HelixPlayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:788\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"HelixPlayer-1.0.6-0.EL4.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"HelixPlayer\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-23T15:25:51", "description": "An updated HelixPlayer package that fixes a string format issue is now available.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nHelixPlayer is a media player.\n\nA format string bug was discovered in the way HelixPlayer processes RealPix (.rp) files. It is possible for a malformed RealPix file to execute arbitrary code as the user running HelixPlayer. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2710 to this issue.\n\nAll users of HelixPlayer are advised to upgrade to this updated package, which contains HelixPlayer version 10.0.6 and is not vulnerable to this issue.", "cvss3": {}, "published": "2007-01-08T00:00:00", "type": "nessus", "title": "CentOS 4 : Helix / Player (CESA-2005:788)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2629", "CVE-2005-2710", "CVE-2005-2922"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:helixplayer", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2005-788.NASL", "href": "https://www.tenable.com/plugins/nessus/23983", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:788 and \n# CentOS Errata and Security Advisory 2005:788 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23983);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-2629\", \"CVE-2005-2710\", \"CVE-2005-2922\");\n script_xref(name:\"RHSA\", value:\"2005:788\");\n\n script_name(english:\"CentOS 4 : Helix / Player (CESA-2005:788)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated HelixPlayer package that fixes a string format issue is now\navailable.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nHelixPlayer is a media player.\n\nA format string bug was discovered in the way HelixPlayer processes\nRealPix (.rp) files. It is possible for a malformed RealPix file to\nexecute arbitrary code as the user running HelixPlayer. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-2710 to this issue.\n\nAll users of HelixPlayer are advised to upgrade to this updated\npackage, which contains HelixPlayer version 10.0.6 and is not\nvulnerable to this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-September/012207.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d258f2dc\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-September/012208.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f7cf68a6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected helix and / or player packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:HelixPlayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"HelixPlayer-1.0.6-0.EL4.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"HelixPlayer-1.0.6-0.EL4.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"HelixPlayer\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:58:02", "description": "An updated RealPlayer package that fixes a format string bug is now available.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nRealPlayer is a media player that provides media playback locally and via streaming.\n\nA format string bug was discovered in the way RealPlayer processes RealPix (.rp) files. It is possible for a malformed RealPix file to execute arbitrary code as the user running RealPlayer. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2710 to this issue.\n\nAll users of RealPlayer are advised to upgrade to this updated package, which contains RealPlayer version 10.0.6 and is not vulnerable to this issue.", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 3 / 4 : RealPlayer (RHSA-2005:762)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2629", "CVE-2005-2710", "CVE-2005-2922", "CVE-2005-2969"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:realplayer", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2005-762.NASL", "href": "https://www.tenable.com/plugins/nessus/63829", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:762. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63829);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-2629\", \"CVE-2005-2710\", \"CVE-2005-2922\", \"CVE-2005-2969\");\n script_xref(name:\"RHSA\", value:\"2005:762\");\n\n script_name(english:\"RHEL 3 / 4 : RealPlayer (RHSA-2005:762)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated RealPlayer package that fixes a format string bug is now\navailable.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nRealPlayer is a media player that provides media playback locally and\nvia streaming.\n\nA format string bug was discovered in the way RealPlayer processes\nRealPix (.rp) files. It is possible for a malformed RealPix file to\nexecute arbitrary code as the user running RealPlayer. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-2710 to this issue.\n\nAll users of RealPlayer are advised to upgrade to this updated\npackage, which contains RealPlayer version 10.0.6 and is not\nvulnerable to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2005-2629.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2005-2710.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2005-2922.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2005-762.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected RealPlayer and / or realplayer packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:RealPlayer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:realplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"realplayer-10.0.6-0.rhel3.2\")) flag++;\n\nif (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"RealPlayer-10.0.6-2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:54:59", "description": "This is a fix for CVE-2005-2710\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2005-10-05T00:00:00", "type": "nessus", "title": "Fedora Core 4 : HelixPlayer-1.0.6-1.fc4.2 (2005-940)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2710"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:helixplayer", "p-cpe:/a:fedoraproject:fedora:helixplayer-debuginfo", "cpe:/o:fedoraproject:fedora_core:4"], "id": "FEDORA_2005-940.NASL", "href": "https://www.tenable.com/plugins/nessus/19880", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-940.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19880);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2005-940\");\n\n script_name(english:\"Fedora Core 4 : HelixPlayer-1.0.6-1.fc4.2 (2005-940)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is a fix for CVE-2005-2710\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-September/001425.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?505e859a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected HelixPlayer and / or HelixPlayer-debuginfo\npackages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:HelixPlayer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:HelixPlayer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 4.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC4\", cpu:\"i386\", reference:\"HelixPlayer-1.0.6-1.fc4.2\")) flag++;\nif (rpm_check(release:\"FC4\", cpu:\"i386\", reference:\"HelixPlayer-debuginfo-1.0.6-1.fc4.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"HelixPlayer / HelixPlayer-debuginfo\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:55:02", "description": "The remote host is affected by the vulnerability described in GLSA-200510-07 (RealPlayer, Helix Player: Format string vulnerability)\n\n 'c0ntex' reported that RealPlayer and Helix Player suffer from a heap overflow.\n Impact :\n\n By enticing a user to play a specially crafted realpix (.rp) or realtext (.rt) file, an attacker could execute arbitrary code with the permissions of the user running the application.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2005-10-11T00:00:00", "type": "nessus", "title": "GLSA-200510-07 : RealPlayer, Helix Player: Format string vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2710"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:helixplayer", "p-cpe:/a:gentoo:linux:realplayer", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200510-07.NASL", "href": "https://www.tenable.com/plugins/nessus/19977", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200510-07.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19977);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-2710\");\n script_xref(name:\"GLSA\", value:\"200510-07\");\n\n script_name(english:\"GLSA-200510-07 : RealPlayer, Helix Player: Format string vulnerability\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200510-07\n(RealPlayer, Helix Player: Format string vulnerability)\n\n 'c0ntex' reported that RealPlayer and Helix Player suffer from a heap\n overflow.\n \nImpact :\n\n By enticing a user to play a specially crafted realpix (.rp) or\n realtext (.rt) file, an attacker could execute arbitrary code with the\n permissions of the user running the application.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200510-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All RealPlayer users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/realplayer-10.0.6'\n Note to Helix Player users: There is currently no stable secure Helix\n Player package. Affected users should remove the package until an\n updated Helix Player package is released.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:helixplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:realplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/11\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/09/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-video/helixplayer\", unaffected:make_list(), vulnerable:make_list(\"lt 1.0.6\"))) flag++;\nif (qpkg_check(package:\"media-video/realplayer\", unaffected:make_list(\"ge 10.0.6\"), vulnerable:make_list(\"lt 10.0.6\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"RealPlayer / Helix Player\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:54:32", "description": "The remote host is missing the patch for the advisory SUSE-SA:2005:059 (RealPlayer).\n\n\nThe following security issue in RealPlayer was fixed:\n\n- A format string bug in the RealPix (.rp) file format parser (CVE-2005-2710).\n\nThis bug allowed remote attackers to execute arbitrary code by supplying a specially crafted file, e.g via Web page or E-Mail.\n\nNote that we no longer support RealPlayer on the following distributions for some time now:\n- SUSE Linux 9.1\n- SUSE Linux 9.0\n- SUSE Linux Desktop 1.0\n\nOn these distributions, please deinstall RealPlayer by running as root:\n\trpm -e RealPlayer", "cvss3": {}, "published": "2005-10-11T00:00:00", "type": "nessus", "title": "SUSE-SA:2005:059: RealPlayer", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2710"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "SUSE_SA_2005_059.NASL", "href": "https://www.tenable.com/plugins/nessus/19996", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2005:059\n#\n\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(19996);\n script_version(\"1.10\");\n \n name[\"english\"] = \"SUSE-SA:2005:059: RealPlayer\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2005:059 (RealPlayer).\n\n\nThe following security issue in RealPlayer was fixed:\n\n- A format string bug in the RealPix (.rp) file format parser\n(CVE-2005-2710).\n\nThis bug allowed remote attackers to execute arbitrary code by\nsupplying a specially crafted file, e.g via Web page or E-Mail.\n\nNote that we no longer support RealPlayer on the following distributions\nfor some time now:\n- SUSE Linux 9.1\n- SUSE Linux 9.0\n- SUSE Linux Desktop 1.0\n\nOn these distributions, please deinstall RealPlayer by running as root:\n\trpm -e RealPlayer\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.suse.de/security/advisories/2005_59_RealPlayer.html\" );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\" );\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/10/11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the RealPlayer package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"RealPlayer-10.0.6-3.2\", release:\"SUSE10.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"RealPlayer-10.0.6-1.4\", release:\"SUSE9.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"RealPlayer-10.0.6-1.4\", release:\"SUSE9.3\") )\n{\n security_hole(0);\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:54:38", "description": "This is a fix for CVE-2005-2710\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2005-10-05T00:00:00", "type": "nessus", "title": "Fedora Core 3 : HelixPlayer-1.0.6-0.fc3.1 (2005-941)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2710"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:helixplayer", "p-cpe:/a:fedoraproject:fedora:helixplayer-debuginfo", "cpe:/o:fedoraproject:fedora_core:3"], "id": "FEDORA_2005-941.NASL", "href": "https://www.tenable.com/plugins/nessus/19881", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-941.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19881);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2005-941\");\n\n script_name(english:\"Fedora Core 3 : HelixPlayer-1.0.6-0.fc3.1 (2005-941)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is a fix for CVE-2005-2710\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-September/001426.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8f8088a2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected HelixPlayer and / or HelixPlayer-debuginfo\npackages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:HelixPlayer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:HelixPlayer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 3.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC3\", reference:\"HelixPlayer-1.0.6-0.fc3.1\")) flag++;\nif (rpm_check(release:\"FC3\", cpu:\"i386\", reference:\"HelixPlayer-debuginfo-1.0.6-0.fc3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"HelixPlayer / HelixPlayer-debuginfo\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:03:39", "description": "iDefense Reports :\n\nRemote exploitation of a heap-based buffer overflow in RealNetwork Inc's RealPlayer could allow the execution of arbitrary code in the context of the currently logged in user.\n\nIn order to exploit this vulnerability, an attacker would need to entice a user to follow a link to a malicious server. Once the user visits a website under the control of an attacker, it is possible in a default install of RealPlayer to force a web-browser to use RealPlayer to connect to an arbitrary server, even when it is not the default application for handling those types, by the use of embedded object tags in a webpage. This may allow automated exploitation when the page is viewed.", "cvss3": {}, "published": "2006-05-13T00:00:00", "type": "nessus", "title": "FreeBSD : linux-realplayer -- heap overflow (fe4c84fc-bdb5-11da-b7d4-00123ffe8333)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2922"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-realplayer", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_FE4C84FCBDB511DAB7D400123FFE8333.NASL", "href": "https://www.tenable.com/plugins/nessus/21544", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21544);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-2922\");\n script_xref(name:\"Secunia\", value:\"19358\");\n\n script_name(english:\"FreeBSD : linux-realplayer -- heap overflow (fe4c84fc-bdb5-11da-b7d4-00123ffe8333)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"iDefense Reports :\n\nRemote exploitation of a heap-based buffer overflow in RealNetwork\nInc's RealPlayer could allow the execution of arbitrary code in the\ncontext of the currently logged in user.\n\nIn order to exploit this vulnerability, an attacker would need to\nentice a user to follow a link to a malicious server. Once the user\nvisits a website under the control of an attacker, it is possible in a\ndefault install of RealPlayer to force a web-browser to use RealPlayer\nto connect to an arbitrary server, even when it is not the default\napplication for handling those types, by the use of embedded object\ntags in a webpage. This may allow automated exploitation when the page\nis viewed.\"\n );\n # http://service.real.com/realplayer/security/03162006_player/en/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.real.com/\"\n );\n # http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c3617439\"\n );\n # https://vuxml.freebsd.org/freebsd/fe4c84fc-bdb5-11da-b7d4-00123ffe8333.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?963d2fe4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-realplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/03/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-realplayer>=10.0.1<10.0.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:05:45", "description": "An integer overflow has been discovered in helix-player, the helix audio and video player. This flaw could allow a remote attacker to run arbitrary code on a victims computer by supplying a specially crafted network resource.", "cvss3": {}, "published": "2006-10-14T00:00:00", "type": "nessus", "title": "Debian DSA-915-1 : helix-player - buffer overflow", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2629"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:helix-player", "cpe:/o:debian:debian_linux:3.1"], "id": "DEBIAN_DSA-915.NASL", "href": "https://www.tenable.com/plugins/nessus/22781", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-915. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22781);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-2629\");\n script_bugtraq_id(15381);\n script_xref(name:\"DSA\", value:\"915\");\n\n script_name(english:\"Debian DSA-915-1 : helix-player - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An integer overflow has been discovered in helix-player, the helix\naudio and video player. This flaw could allow a remote attacker to run\narbitrary code on a victims computer by supplying a specially crafted\nnetwork resource.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-915\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the helix-player package.\n\nThe old stable distribution (woody) does not contain a helix-player\npackage.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.0.4-1sarge2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:helix-player\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"helix-player\", reference:\"1.0.4-1sarge2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:54:37", "description": "Multiple security vulnerabilities have been identified in the helix-player media player that could allow an attacker to execute code on the victim's machine via specially crafted network resources.\n\n - CAN-2005-1766 Buffer overflow in the RealText parser could allow remote code execution via a specially crafted RealMedia file with a long RealText string.\n\n - CAN-2005-2710\n\n Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the image handle attribute in a RealPix (.rp) or RealText (.rt) file.", "cvss3": {}, "published": "2005-10-05T00:00:00", "type": "nessus", "title": "Debian DSA-826-1 : helix-player - multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1766", "CVE-2005-2710"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:helix-player", "cpe:/o:debian:debian_linux:3.1"], "id": "DEBIAN_DSA-826.NASL", "href": "https://www.tenable.com/plugins/nessus/19795", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-826. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19795);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-1766\", \"CVE-2005-2710\");\n script_xref(name:\"DSA\", value:\"826\");\n\n script_name(english:\"Debian DSA-826-1 : helix-player - multiple vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security vulnerabilities have been identified in the\nhelix-player media player that could allow an attacker to execute code\non the victim's machine via specially crafted network resources.\n\n - CAN-2005-1766\n Buffer overflow in the RealText parser could allow\n remote code execution via a specially crafted RealMedia\n file with a long RealText string.\n\n - CAN-2005-2710\n\n Format string vulnerability in Real HelixPlayer and\n RealPlayer 10 allows remote attackers to execute\n arbitrary code via the image handle attribute in a\n RealPix (.rp) or RealText (.rt) file.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316276\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330364\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-826\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the helix-player package.\n\nFor the stable distribution (sarge), these problems have been fixed in\nversion 1.0.4-1sarge1\n\nhelix-player was distributed only on the i386 and powerpc\narchitectures\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:helix-player\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/05\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/06/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"helix-player\", reference:\"1.0.4-1sarge1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:02:37", "description": "The remote host is missing the patch for the advisory SUSE-SA:2006:018 (RealPlayer).\n\n\nThis update fixes the following security problems in Realplayer:\n\n- Specially crafted SWF files could cause a buffer overflow and crash RealPlayer (CVE-2006-0323).\n\n- Specially crafted web sites could cause heap overflow and lead to executing arbitrary code (CVE-2005-2922). This was already fixed with the previously released 1.0.6 version, but not announced on request of Real.\n\nThe advisory for these problems is on this page at Real:\nhttp://service.real.com/realplayer/security/03162006_player/en/\n\nSUSE Linux 9.2 up to 10.0 and Novell Linux Desktop 9 are affected by this problem and receive fixed packages.\n\nIf you are still using Realplayer on SUSE Linux 9.1 or SUSE Linux Desktop 1, we again wish to remind you that the Real player on these products cannot be updated and recommend to deinstall it.", "cvss3": {}, "published": "2006-03-27T00:00:00", "type": "nessus", "title": "SUSE-SA:2006:018: RealPlayer", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2922", "CVE-2006-0323"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "SUSE_SA_2006_018.NASL", "href": "https://www.tenable.com/plugins/nessus/21150", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2006:018\n#\n\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(21150);\n script_version(\"1.9\");\n \n name[\"english\"] = \"SUSE-SA:2006:018: RealPlayer\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2006:018 (RealPlayer).\n\n\nThis update fixes the following security problems in Realplayer:\n\n- Specially crafted SWF files could cause a buffer overflow and\ncrash RealPlayer (CVE-2006-0323).\n\n- Specially crafted web sites could cause heap overflow and lead to\nexecuting arbitrary code (CVE-2005-2922). This was already fixed\nwith the previously released 1.0.6 version, but not announced on\nrequest of Real.\n\nThe advisory for these problems is on this page at Real:\nhttp://service.real.com/realplayer/security/03162006_player/en/\n\nSUSE Linux 9.2 up to 10.0 and Novell Linux Desktop 9 are affected by\nthis problem and receive fixed packages.\n\nIf you are still using Realplayer on SUSE Linux 9.1 or SUSE Linux\nDesktop 1, we again wish to remind you that the Real player on these\nproducts cannot be updated and recommend to deinstall it.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.suse.de/security/advisories/2006_18_realplayer.html\" );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\" );\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/03/27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the RealPlayer package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"RealPlayer-10.0.7-0.1\", release:\"SUSE10.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"RealPlayer-10.0.7-0.1\", release:\"SUSE9.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"RealPlayer-10.0.7-0.1\", release:\"SUSE9.3\") )\n{\n security_hole(0);\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-27T15:01:33", "description": "According to its build number, the installed version of RealPlayer / RealOne Player / RealPlayer Enterprise for Windows on the remote host is affected by multiple buffer overflow vulnerabilities. \n\nAn attacker may be able to leverage these issues to execute arbitrary code on the remote host subject to the permissions of the user running the affected application. Note that a user doesn't necessarily need to explicitly access a malicious media file since the browser may automatically pass to the application RealPlayer skin files (ie, files with the extension '.rjs').", "cvss3": {}, "published": "2005-11-11T00:00:00", "type": "nessus", "title": "RealPlayer for Windows Multiple Overflows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2629", "CVE-2005-2630", "CVE-2005-3677"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:realnetworks:realplayer"], "id": "REALPLAYER_6012.NASL", "href": "https://www.tenable.com/plugins/nessus/20184", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20184);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\n\n script_cve_id(\"CVE-2005-2629\", \"CVE-2005-2630\", \"CVE-2005-3677\");\n script_bugtraq_id(15381, 15382, 15383, 15398);\n\n script_name(english:\"RealPlayer for Windows Multiple Overflows\");\n script_summary(english:\"Checks RealPlayer build number\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows application is affected by several overflow\nvulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"According to its build number, the installed version of RealPlayer /\nRealOne Player / RealPlayer Enterprise for Windows on the remote host\nis affected by multiple buffer overflow vulnerabilities. \n\nAn attacker may be able to leverage these issues to execute arbitrary\ncode on the remote host subject to the permissions of the user running\nthe affected application. Note that a user doesn't necessarily need\nto explicitly access a malicious media file since the browser may\nautomatically pass to the application RealPlayer skin files (ie, files\nwith the extension '.rjs').\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.beyondtrust.com/resources/blog/research/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.beyondtrust.com/resources/blog/research/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/416475\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://service.real.com/help/faq/security/security111005.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://service.real.com/help/faq/security/051110_player/EN/\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade according to the vendor advisories referenced above.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/11/11\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2005/11/10\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:realnetworks:realplayer\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"realplayer_detect.nasl\");\n script_require_keys(\"SMB/RealPlayer/Product\", \"SMB/RealPlayer/Build\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\n\n\n# nb: RealOne Player and RealPlayer Enterprise are also affected,\n# but we don't currently know which specific build numbers\n# address the issues.\nprod = get_kb_item(\"SMB/RealPlayer/Product\");\nif (!prod || prod != \"RealPlayer\") exit(0);\n\n\n# Check build.\nbuild = get_kb_item(\"SMB/RealPlayer/Build\");\nif (build)\n{\n # There's a problem if the build is 6.0.12.1235 or older.\n ver = split(build, sep:'.', keep:FALSE);\n if (\n int(ver[0]) < 6 ||\n (\n int(ver[0]) == 6 &&\n int(ver[1]) == 0 && \n (\n int(ver[2]) < 12 ||\n (int(ver[2]) == 12 && int(ver[3]) <= 1235)\n )\n )\n )\n {\n if (report_verbosity)\n {\n report = string(\n \"\\n\",\n prod, \" build \", build, \" is installed on the remote host.\\n\"\n );\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:02:37", "description": "According to its build number, the installed version of RealPlayer / RealOne Player / RealPlayer Enterprise on the remote Windows host suffers from one or more buffer overflows involving maliciously- crafted SWF and MBC files as well as web pages. In addition, it also may be affected by a local privilege escalation issue.", "cvss3": {}, "published": "2006-03-24T00:00:00", "type": "nessus", "title": "RealPlayer for Windows < Build 6.0.12.1483 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2922", "CVE-2005-2936", "CVE-2006-0323", "CVE-2006-1370"], "modified": "2018-07-25T00:00:00", "cpe": ["cpe:/a:realnetworks:realplayer"], "id": "REALPLAYER_6_0_12_1483.NASL", "href": "https://www.tenable.com/plugins/nessus/21140", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21140);\n script_version(\"1.19\");\n\n script_cve_id(\"CVE-2005-2922\", \"CVE-2005-2936\", \"CVE-2006-0323\", \"CVE-2006-1370\");\n script_bugtraq_id(15448, 17202);\n\n script_name(english:\"RealPlayer for Windows < Build 6.0.12.1483 Multiple Vulnerabilities\");\n script_summary(english:\"Checks RealPlayer build number\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows application is affected by several issues.\" );\n script_set_attribute(attribute:\"description\", value:\n\"According to its build number, the installed version of RealPlayer /\nRealOne Player / RealPlayer Enterprise on the remote Windows host\nsuffers from one or more buffer overflows involving maliciously-\ncrafted SWF and MBC files as well as web pages. In addition, it also\nmay be affected by a local privilege escalation issue.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1d16d359\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c0b66183\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://service.real.com/realplayer/security/03162006_player/en/\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade according to the vendor advisory referenced above.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/03/24\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/11/15\");\n script_cvs_date(\"Date: 2018/07/25 18:58:06\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2006/03/16\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:realnetworks:realplayer\");\nscript_end_attributes();\n\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"realplayer_detect.nasl\");\n script_require_keys(\"SMB/RealPlayer/Product\", \"SMB/RealPlayer/Build\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\n\n\n# nb: RealOne Player and RealPlayer Enterprise are also affected,\n# but we don't currently know which specific build numbers\n# address the issues.\nprod = get_kb_item(\"SMB/RealPlayer/Product\");\nif (!prod || prod != \"RealPlayer\") exit(0);\n\n\n# Check build.\nbuild = get_kb_item(\"SMB/RealPlayer/Build\");\nif (!build) exit(0);\n\n# There's a problem if the build is before 6.0.12.1483.\nver = split(build, sep:'.', keep:FALSE);\nif (\n int(ver[0]) < 6 ||\n (\n int(ver[0]) == 6 &&\n int(ver[1]) == 0 && \n (\n int(ver[2]) < 12 ||\n (int(ver[2]) == 12 && int(ver[3]) < 1483)\n )\n )\n)\n{\n if (report_verbosity)\n {\n report = string(\n \"\\n\",\n prod, \" build \", build, \" is installed on the remote host.\\n\"\n );\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:14", "description": "RealNetworks RealPlayer/HelixPlayer RealPix Format String Vulnerability \r\n\r\niDEFENSE Security Advisory 09.30.05\r\nwww.idefense.com/application/poi/display?id=311&type=vulnerabilities\r\nSeptember 30, 2005\r\n\r\nI. BACKGROUND\r\n\r\nRealPlayer is an application for playing various media formats,\r\ndeveloped by RealNetworks Inc. For more information, visit\r\nhttp://www.real.com/.\r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of a format string vulnerability in RealPix (.rp) \r\nfile format parser within various versions of RealNetworks Inc.'s \r\nRealPlayer could allow attackers to execute arbitrary code. \r\n\r\nThe vulnerability specifically exists because of the improper usage of a\r\n\r\nformatted printing function. When a user specifies an invalid value for \r\nthe "timeformat" attribute describing a RealPix file, the data is passed\r\n\r\nto the function. \r\n\r\nThe following stripped down .rp file is sufficient enough to trigger the\r\n\r\nvulnerability: \r\n\r\n <imfl>\r\n <head \r\n title="iDEFENSE Labs RealPix Vulnerability"\r\n timeformat="%n%n%n%n%n%n"/>\r\n </imfl> \r\n\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation allows for arbitrary code execution as the user who opened\r\nthe .rp file.\r\n\r\nExploitation requires an attacker to craft a malicious .rp file and\r\nconvince a user to open it. An attacker could also trick a user to load \r\nthe .rp file from a normal web page under the attacker's control; this \r\nis possible if the user has configured their web browser to handle \r\nRealPlayer formats automatically.\r\n\r\nIV. DETECTION\r\n\r\niDEFENSE Labs has confirmed that RealPlayer 10.0.4.750 on Linux is \r\nvulnerable. Windows and Mac versions of RealPlayer are not vulnerable. \r\nFreeBSD versions are suspected vulnerable.\r\n\r\nThe vendor has indicated that the following versions are vulnerable:\r\n Linux RealPlayer 10 (10.0.0 - 10.0.5)\r\n Helix Player (10.0.0 - 10.0.5)\r\n\r\nThe following vendors include susceptible RealPlayer packages within\r\ntheir respective distributions:\r\n\r\n The FreeBSD Project: FreeBSD 5.3 and earlier\r\n Novell Inc.: SuSE Linux 9.2 \r\n Red Hat Inc.: Desktop v.3 and v.4,\r\n Enterprise Linux AS/ES/WS v.3 and v.4 and Fedora Core 3,\r\n Linux 7.3 and 9 \r\n\r\nV. WORKAROUND\r\n\r\nFilter .rp attachments at e-mail gateways. Educate users about the risks\r\n\r\nof accepting files from untrusted individuals.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nThe vendor had released the following advisory for this vulnerability:\r\n\r\n http://service.real.com/help/faq/security/050930_player/EN/\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CAN-2005-2710 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n08/23/2005 Initial vendor notification\r\n09/02/2005 Initial vendor response\r\n09/30/2005 Coordinated public disclosure\r\n\r\nIX. CREDIT\r\n\r\niDEFENSE Labs is credited with this discovery.\r\n\r\nGet paid for vulnerability research\r\nhttp://www.idefense.com/poi/teams/vcp.jsp\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright (c) 2005 iDEFENSE, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDEFENSE. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically, please\r\nemail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\nThere are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct, indirect,\r\nor consequential loss or damage arising from use of, or reliance on,\r\nthis information.\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\r\nHosted and sponsored by Secunia - http://secunia.com/", "cvss3": {}, "published": "2005-09-30T00:00:00", "type": "securityvulns", "title": "[Full-disclosure] iDEFENSE Security Advisory 09.30.05: RealNetworks RealPlayer/HelixPlayer RealPix Format String Vulnerability", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2005-2710"], "modified": "2005-09-30T00:00:00", "id": "SECURITYVULNS:DOC:9834", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:9834", "sourceData": "", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:14", "description": "RealPlayer Data Packet Stack Overflow\r\n\r\nRelease Date:\r\nNovember 10, 2005\r\n\r\nDate Reported:\r\nMay 28, 2005\r\n\r\nSeverity:\r\nHigh (Remote Code Execution)\r\n\r\nVendor:\r\nRealNetworks\r\n\r\nSystems Affected:\r\nWindows:\r\nRealPlayer 10.5 (6.0.12.1040-1235)\r\nRealPlayer 10\r\nRealOne Player v2\r\nRealOne Player v1\r\nRealPlayer 8\r\nRealPlayer Enterprise\r\n \r\nMac:\r\nRealPlayer 10\r\n \r\nLinux:\r\nRealPlayer 10 (10.0.0 - 5)\r\nHelix Player (10.0.0 - 5)\r\n\r\nOverview:\r\neEye Digital Security has discovered a critical vulnerability in\r\nRealPlayer. The vulnerability allows a remote attacker to reliably\r\noverwrite stack memory with arbitrary data and execute arbitrary code in\r\nthe context of the user who executed the player.\r\n\r\nThis specific flaw exists in the first data packet contained in a Real\r\nMedia file. By specially crafting a malformed .rm movie file, a direct\r\nstack overwrite is triggered, and reliable code execution is then\r\npossible.\r\n\r\nTechnical Details:\r\nThe vulnerability is triggered by setting the application specific\r\nlength field of the [data packet + 1] to 0x80 - 0xFF this will cause a\r\nstack overflow.\r\nThe value is sign-extended and passed as the length to memcpy.\r\n\r\nProtection:\r\nRetina Network Security Scanner has been updated to identify this\r\nvulnerability.\r\nBlink End Point Protection proactively protects against this\r\nvulnerability\r\n\r\nVendor Status:\r\nRealNetworks has released a patch for this vulnerability. The patch is\r\navailable via the "Check for Update" menu item under Tools on the\r\nRealPlayer menu bar or from\r\nhttp://service.real.com/realplayer/security/.\r\n\r\nCredit:\r\nKarl Lynn\r\n\r\nRelated Links:\r\nThis advisory has been assigned the following ID numbers;\r\n\r\nEEYEB-20050510\r\nOSVDB ID: 18822\r\nCVE ID: CAN-2005-2629\r\n\r\nGreetings:\r\nBrett Moore, Mark Dowd, Paul Gese @ RealNetworks, Mike Schiffman, AJREZ,\r\nLuke, Derek "TEX" Soeder, Andre Audits, "The Claw", and Dug Song. \r\n\r\nCopyright (c) 1998-2005 eEye Digital Security\r\nPermission is hereby granted for the redistribution of this alert\r\nelectronically. It is not to be edited in any way without express\r\nconsent of eEye. If you wish to reprint the whole or any part of this\r\nalert in any other medium excluding electronic medium, please email\r\nalert@eEye.com for permission.\r\n\r\nDisclaimer\r\nThe information within this paper may change without notice. Use of this\r\ninformation constitutes acceptance for use in an AS IS condition. There\r\nare no warranties, implied or express, with regard to this information.\r\nIn no event shall the author be liable for any direct or indirect\r\ndamages whatsoever arising out of or in connection with the use or\r\nspread of this information. Any use of this information is at the user's\r\nown risk.", "cvss3": {}, "published": "2005-11-11T00:00:00", "type": "securityvulns", "title": "[EEYEB-20050510] - RealPlayer Data Packet Stack Overflow", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2005-2629"], "modified": "2005-11-11T00:00:00", "id": "SECURITYVULNS:DOC:10199", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:10199", "sourceData": "", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:16", "description": "RealNetworks RealPlayer and Helix Player Invalid Chunk Size Heap \r\nOverflow Vulnerability\r\n\r\niDefense Security Advisory 03.23.06\r\nhttp://www.idefense.com/intelligence/vulnerabilities/display.php?id=404\r\nMarch 23, 2006\r\n\r\nI. BACKGROUND\r\n\r\nRealPlayer is an application for playing various media formats,\r\ndeveloped by RealNetworks Inc. For more information, visit\r\nhttp://www.real.com/.\r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of a heap-based buffer overflow in RealNetwork Inc's\r\nRealPlayer could allow the execution of arbitrary code in the context of\r\nthe currently logged in user.\r\n\r\nThe vulnerability specifically exists in the handling of the 'chunked'\r\nTransfer-Encoding method. This method breaks the file the server is\r\nsending up into 'chunks'. For each chunk, the server first sends the\r\nlength of the chunk in hexadecimal, followed by the chunk data. This is\r\nrepeated until there are no more chunks. The server then sends a chunk\r\nlength of 0 indicating the end of the transfer.\r\n\r\nThere are multiple ways of triggering this vulnerability.\r\n\r\n * Sending a well-formed chunk header with a length of -1 (FFFFFFFF)\r\n followed by malicious data.\r\n * Sending a well-formed chunk header with a length specified which \r\nis less\r\n than the amount of data that will be sent,\r\n followed by malicious data.\r\n * Not sending a chunk header before sending malicious data.\r\n\r\nEach of these cases result in a heap overflow. Depending on the versions\r\nused, certain of these cases will not cause exploitable issues. However,\r\nthe last case appears to be reliable in triggering a crash.\r\n\r\nIII. ANALYSIS\r\n\r\nSuccessful exploitation allows a remote attacker to execute arbitrary\r\ncode with the privileges of the currently logged in user. In order to\r\nexploit this vulnerability, an attacker would need to entice a user to\r\nfollow a link to a malicious server. Once the user visits a website\r\nunder the control of an attacker, it is possible in a default install of\r\nRealPlayer to force a web-browser to use RealPlayer to connect to an\r\narbitrary server, even when it is not the default application for\r\nhandling those types, by the use of embedded object tags in a webpage.\r\nThis may allow automated exploitation when the page is viewed.\r\n\r\nAs the client sends its version information as part of the request, it\r\nwould be possible for an attacker to create a malicious server which\r\nuses the appropriate offsets and shellcode for each version and platform\r\nof the client.\r\n\r\nIV. DETECTION\r\n\r\niDefense has confirmed the existence of this vulnerability in RealPlayer\r\nVersion 10.4 and 10.5 for Windows and Both RealPlayer 10.4 and Helix\r\nPlayer 1.4 for Linux.\r\n\r\nThe vendor has stated that the following versions are vulnerable:\r\n * RealPlayer 10.5 (6.0.12.1040-1348)\r\n * RealPlayer 10\r\n * RealOne Player v2\r\n * RealOne Player v1\r\n * RealPlayer 8\r\n\r\nIt is suspected that previous versions of RealPlayer and Helix Player\r\nare affected by this vulnerability.\r\n\r\nV. WORKAROUND\r\n\r\nAlthough there is no way to completely protect yourself from this\r\nvulnerability, aside from removing the RealPlayer software, the\r\nfollowing actions may be taken to minimize the risk of automated\r\nexploitation.\r\n\r\nDisable ActiveX controls and plugins, if not necessary for daily\r\noperations, using the following steps:\r\n\r\n1. In IE, click on Tools and select Internet Options from the drop-down \r\nmenu.\r\n2. Click the Security tab and the Custom Level button.\r\n3. Under ActiveX Controls and Plugins, then Run Activex Controls and \r\nPlugins,\r\nclick the Disable radio button.\r\n\r\nIn general, exploitation requires that a targeted user be socially\r\nengineered into visiting a link to a server controlled by an attacker.\r\nAs such, do not visit unknown/untrusted website and do not follow\r\nsuspicious links.\r\n\r\nWhen possible, run client software, especially applications such as IM\r\nclients, web browsers and e-mail clients, from regular user accounts\r\nwith limited access to system resources. This may limit the immediate\r\nconsequences of client-side vulnerabilities such as this.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nInformation from the vendor about this vulnerability is available at to\r\nfollowing URL:\r\n\r\n http://service.real.com/realplayer/security/03162006_player/en/\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CAN-2005-2922 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n09/08/2005 Initial vendor notification\r\n09/09/2005 Initial vendor response\r\n03/23/2006 Public disclosure\r\n\r\nIX. CREDIT\r\n\r\nThis vulnerability was found internally by Greg MacManus of iDefense Labs.\r\n\r\nGet paid for vulnerability research\r\nhttp://www.idefense.com/poi/teams/vcp.jsp\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright (c) 2006 iDefense, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically, please\r\nemail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\nThere are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct, indirect,\r\nor consequential loss or damage arising from use of, or reliance on,\r\nthis information.\r\n\r\n\r\n", "cvss3": {}, "published": "2006-03-24T00:00:00", "type": "securityvulns", "title": "iDefense Security Advisory 03.23.06: RealNetworks RealPlayer and Helix Player Invalid Chunk Size Heap Overflow Vulnerability", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2005-2922"], "modified": "2006-03-24T00:00:00", "id": "SECURITYVULNS:DOC:11925", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:11925", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:16", "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n______________________________________________________________________________\r\n\r\n SUSE Security Announcement\r\n\r\n Package: RealPlayer\r\n Announcement ID: SUSE-SA:2006:018\r\n Date: Thu, 23 Mar 2006 12:00:00 +0000\r\n Affected Products: Novell Linux Desktop 9\r\n SUSE LINUX 10.0\r\n SUSE LINUX 9.3\r\n SUSE LINUX 9.2\r\n Vulnerability Type: remote code execution\r\n Severity (1-10): 8\r\n SUSE Default Package: yes\r\n Cross-References: CVE-2005-2922, CVE-2006-0323\r\n\r\n Content of This Advisory:\r\n 1) Security Vulnerability Resolved:\r\n realplayer security problems\r\n Problem Description\r\n 2) Solution or Work-Around\r\n 3) Special Instructions and Notes\r\n 4) Package Location and Checksums\r\n 5) Pending Vulnerabilities, Solutions, and Work-Arounds:\r\n See SUSE Security Summary Report.\r\n 6) Authenticity Verification and Additional Information\r\n\r\n______________________________________________________________________________\r\n\r\n1) Problem Description and Brief Discussion\r\n\r\n This update fixes the following security problems in Realplayer:\r\n\r\n - Specially crafted SWF files could cause a buffer overflow and\r\n crash RealPlayer (CVE-2006-0323).\r\n\r\n - Specially crafted web sites could cause heap overflow and lead to\r\n executing arbitrary code (CVE-2005-2922). This was already fixed\r\n with the previously released 1.0.6 version, but not announced on\r\n request of Real.\r\n\r\n The advisory for these problems is on this page at Real:\r\n http://service.real.com/realplayer/security/03162006_player/en/\r\n\r\n SUSE Linux 9.2 up to 10.0 and Novell Linux Desktop 9 are affected by\r\n this problem and receive fixed packages.\r\n\r\n If you are still using Realplayer on SUSE Linux 9.1 or SUSE Linux\r\n Desktop 1, we again wish to remind you that the Real player on these\r\n products cannot be updated and recommend to deinstall it.\r\n\r\n2) Solution or Work-Around\r\n\r\n There is no known workaround, please install the update packages.\r\n\r\n3) Special Instructions and Notes\r\n\r\n None.\r\n\r\n4) Package Location and Checksums\r\n\r\n The preferred method for installing security updates is to use the YaST\r\n Online Update (YOU) tool. YOU detects which updates are required and\r\n automatically performs the necessary steps to verify and install them.\r\n Alternatively, download the update packages for your distribution manually\r\n and verify their integrity by the methods listed in Section 6 of this\r\n announcement. Then install the packages using the command\r\n\r\n rpm -Fhv <file.rpm>\r\n\r\n to apply the update, replacing <file.rpm> with the filename of the\r\n downloaded RPM package.\r\n\r\n\r\n x86 Platform:\r\n\r\n SUSE LINUX 10.0:\r\n ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/RealPlayer-10.0.7-0.1.i586.rpm\r\n eaf09598db97183bdb25478dc5266edf\r\n\r\n SUSE LINUX 9.3:\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/RealPlayer-10.0.7-0.1.i586.rpm\r\n 427de6f3af871dca3d9c6c4f42d14793\r\n\r\n SUSE LINUX 9.2:\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/RealPlayer-10.0.7-0.1.i586.rpm\r\n e84dd17634bcb046ade69fcdc8d67468\r\n\r\n Sources:\r\n\r\n SUSE LINUX 10.0:\r\n ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/RealPlayer-10.0.7-0.1.nosrc.rpm\r\n d686f982312d06ff76ad786c29c94f5a\r\n\r\n SUSE LINUX 9.3:\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/RealPlayer-10.0.7-0.1.src.rpm\r\n 5355bf3f17801d07f9a004711622dc8e\r\n\r\n SUSE LINUX 9.2:\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/RealPlayer-10.0.7-0.1.src.rpm\r\n 0a7e783c563c24107b04b7f7f4e0b697\r\n\r\n Our maintenance customers are notified individually. The packages are\r\n offered for installation from the maintenance web:\r\n\r\n http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/3ad7b20395a03f666b8f4ffe14e9276d.html\r\n\r\n______________________________________________________________________________\r\n\r\n5) Pending Vulnerabilities, Solutions, and Work-Arounds:\r\n\r\n See SUSE Security Summary Report.\r\n______________________________________________________________________________\r\n\r\n6) Authenticity Verification and Additional Information\r\n\r\n - Announcement authenticity verification:\r\n\r\n SUSE security announcements are published via mailing lists and on Web\r\n sites. The authenticity and integrity of a SUSE security announcement is\r\n guaranteed by a cryptographic signature in each announcement. All SUSE\r\n security announcements are published with a valid signature.\r\n\r\n To verify the signature of the announcement, save it as text into a file\r\n and run the command\r\n\r\n gpg --verify <file>\r\n\r\n replacing <file> with the name of the file where you saved the\r\n announcement. The output for a valid signature looks like:\r\n\r\n gpg: Signature made <DATE> using RSA key ID 3D25D3D9\r\n gpg: Good signature from "SuSE Security Team <security@suse.de>"\r\n\r\n where <DATE> is replaced by the date the document was signed.\r\n\r\n If the security team's key is not contained in your key ring, you can\r\n import it from the first installation CD. To import the key, use the\r\n command\r\n\r\n gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc\r\n\r\n - Package authenticity verification:\r\n\r\n SUSE update packages are available on many mirror FTP servers all over the\r\n world. While this service is considered valuable and important to the free\r\n and open source software community, the authenticity and the integrity of\r\n a package needs to be verified to ensure that it has not been tampered\r\n with.\r\n\r\n There are two verification methods that can be used independently from\r\n each other to prove the authenticity of a downloaded file or RPM package:\r\n\r\n 1) Using the internal gpg signatures of the rpm package\r\n 2) MD5 checksums as provided in this announcement\r\n\r\n 1) The internal rpm package signatures provide an easy way to verify the\r\n authenticity of an RPM package. Use the command\r\n\r\n rpm -v --checksig <file.rpm>\r\n\r\n to verify the signature of the package, replacing <file.rpm> with the\r\n filename of the RPM package downloaded. The package is unmodified if it\r\n contains a valid signature from build@suse.de with the key ID 9C800ACA.\r\n\r\n This key is automatically imported into the RPM database (on\r\n RPMv4-based distributions) and the gpg key ring of 'root' during\r\n installation. You can also find it on the first installation CD and at\r\n the end of this announcement.\r\n\r\n 2) If you need an alternative means of verification, use the md5sum\r\n command to verify the authenticity of the packages. Execute the command\r\n\r\n md5sum <filename.rpm>\r\n\r\n after you downloaded the file from a SUSE FTP server or its mirrors.\r\n Then compare the resulting md5sum with the one that is listed in the\r\n SUSE security announcement. Because the announcement containing the\r\n checksums is cryptographically signed (by security@suse.de), the\r\n checksums show proof of the authenticity of the package if the\r\n signature of the announcement is valid. Note that the md5 sums\r\n published in the SUSE Security Announcements are valid for the\r\n respective packages only. Newer versions of these packages cannot be\r\n verified.\r\n\r\n - SUSE runs two security mailing lists to which any interested party may\r\n subscribe:\r\n\r\n suse-security@suse.com\r\n - General Linux and SUSE security discussion.\r\n All SUSE security announcements are sent to this list.\r\n To subscribe, send an e-mail to\r\n <suse-security-subscribe@suse.com>.\r\n\r\n suse-security-announce@suse.com\r\n - SUSE's announce-only mailing list.\r\n Only SUSE's security announcements are sent to this list.\r\n To subscribe, send an e-mail to\r\n <suse-security-announce-subscribe@suse.com>.\r\n\r\n For general information or the frequently asked questions (FAQ),\r\n send mail to <suse-security-info@suse.com> or\r\n <suse-security-faq@suse.com>.\r\n\r\n =====================================================================\r\n SUSE's security contact is <security@suse.com> or <security@suse.de>.\r\n The <security@suse.de> public key is listed below.\r\n =====================================================================\r\n______________________________________________________________________________\r\n\r\n The information in this advisory may be distributed or reproduced,\r\n provided that the advisory is not modified in any way. In particular, the\r\n clear text signature should show proof of the authenticity of the text.\r\n\r\n SUSE Linux Products GmbH provides no warranties of any kind whatsoever\r\n with respect to the information contained in this security advisory.\r\n\r\nType Bits/KeyID Date User ID\r\npub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>\r\npub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>\r\n\r\n- -----BEGIN PGP PUBLIC KEY BLOCK-----\r\nVersion: GnuPG v1.4.2 (GNU/Linux)\r\n\r\nmQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA\r\nBqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz\r\nJR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh\r\n1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U\r\nP7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+\r\ncZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg\r\nVGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b\r\nyHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7\r\ntQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ\r\nxG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63\r\nOm8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo\r\nchoXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI\r\nBkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u\r\nv/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+\r\nx9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0\r\nIx30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq\r\nMkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2\r\nsaqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o\r\nL0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU\r\nF7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS\r\nFQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW\r\ntp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It\r\nKlj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF\r\nAjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+\r\n3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk\r\nYS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP\r\n+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR\r\n8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U\r\n8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S\r\ncZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh\r\nELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB\r\nUVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo\r\nAqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n\r\nKFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi\r\nBBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro\r\nnIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg\r\nKL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx\r\nyoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn\r\nB/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV\r\nwM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh\r\nUzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF\r\n5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3\r\nD3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu\r\nzgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd\r\n9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi\r\na5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13\r\nCNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp\r\n271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE\r\nt5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG\r\nB/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw\r\nrbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt\r\nIJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL\r\nrWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H\r\nRKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa\r\ng8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA\r\nCspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO\r\n=ypVs\r\n- -----END PGP PUBLIC KEY BLOCK-----\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.2 (GNU/Linux)\r\n\r\niQEVAwUBRCKOiXey5gA9JdPZAQIpHwf9GLM/WqEyyhEtMDDXZMsQHtH3boux7jt1\r\nu/n6ZnDT7IbEWqMha7KZkI63V1tmPf3jJlJIG/6TcyqZJDg3qdesMVCYgS0KaO3Z\r\nyV/mMKWQBXRpU0AXpGH6uwVMPGxjRD4eC4spWSWLIw6YATWinLnN9AICilBbqgbQ\r\nD/jx6Ga6G8h+BrkH4ZcEzrLu0LtG+4m2PAv5+TNlFLWrlA90Amy8WNwSqCJtMucq\r\nDOC+Xj158Pd8GI5plL2fP85tvf9lOTl2PCmyFTwrK4Us4t2mjTqtSOvN34++oZ83\r\n4CTXKlrOhElpSp6NyZe56i6U22Sw/EhTw3JqlUadW7Ls91mmpqtn2A==\r\n=Lmof\r\n-----END PGP SIGNATURE-----\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\r\nHosted and sponsored by Secunia - http://secunia.com/", "cvss3": {}, "published": "2006-03-23T00:00:00", "type": "securityvulns", "title": "[Full-disclosure] SUSE Security Announcement: RealPlayer security problems (SUSE-SA:2006:018)", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2005-2922", "CVE-2006-0323"], "modified": "2006-03-23T00:00:00", "id": "SECURITYVULNS:DOC:11910", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:11910", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2023-11-28T17:05:56", "description": "### Background\n\nRealPlayer is a multimedia player capable of handling multiple multimedia file formats. Helix Player is an open source media player for Linux. \n\n### Description\n\n\"c0ntex\" reported that RealPlayer and Helix Player suffer from a heap overflow. \n\n### Impact\n\nBy enticing a user to play a specially crafted realpix (.rp) or realtext (.rt) file, an attacker could execute arbitrary code with the permissions of the user running the application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll RealPlayer users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-video/realplayer-10.0.6\"\n\nNote to Helix Player users: There is currently no stable secure Helix Player package. Affected users should remove the package until an updated Helix Player package is released.", "cvss3": {}, "published": "2005-10-07T00:00:00", "type": "gentoo", "title": "RealPlayer, Helix Player: Format string vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-2710"], "modified": "2005-11-22T00:00:00", "id": "GLSA-200510-07", "href": "https://security.gentoo.org/glsa/200510-07", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "cert": [{"lastseen": "2023-11-28T15:28:16", "description": "### Overview\n\nHelix Player, and media players based on the Helix Player, contain a format string vulnerability that may allow a remote attacker to execute arbitrary code on a vulnerable system.\n\n### Description\n\nHelix Player is used to play various types of media files on UNIX systems. The Helix Media Player contains a format string vulnerability in the routines that handle media files. A remote attacker can exploit this vulnerability by persuading a user to access a specially crafted media file, such as a realpix (*.rp) or realtext (*.rt) file. In addition, web browsers can be configured to automatically launch the Helix Player when media content is encountered, thus an attack may be triggered by visiting a malicious website.\n\nThis issue also affects media players based on the Helix Player, including Real Player for Linux systems. Note there is publicly available exploit code for this vulnerability. \n \n--- \n \n### Impact\n\nA remote attacker may be able to execute arbitrary code with the privileges of the Helix Media Player process. \n \n--- \n \n### Solution\n\n**Upgrade **\n\nThis vulnerability was corrected in Helix Player [1.0.6](<https://player.helixcommunity.org/2005/releases/hx1gold/HX1_0_6ReleaseNotes.html>) and Real Player [10](<http://www.real.com/linux>) for Linux. \n \n--- \n \n**Do not access media files from untrusted sources** \n \nAccessing media files from trusted or known sources only will reduce the chances of exploitation.\n\n \n**Disable Helix Player or Real Player for Linux support in the web browser** \n \nConfiguring a web browser to not automatically launch the Helix Player when media content is encountered will reduce the chances of exploitation. \n \n--- \n \n### Vendor Information\n\n361181\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Debian Linux __ Affected\n\nUpdated: September 30, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nPlease see <http://www.debian.org/security/2005/dsa-826>\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23361181 Feedback>).\n\n### RealNetworks, Inc. Affected\n\nUpdated: September 30, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Red Hat, Inc. __ Affected\n\nUpdated: September 29, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nUpdated Helixplayer packages for Red Hat Enterprise Linux 4 and updated RealPlayer packages for Red Hat Enterprise Linux Extras (version 3 and version 4) to correct this issue are available at the URL below and by using the Red Hat Network 'up2date' tool.\n\n<http://rhn.redhat.com/errata/CAN-2005-2710.html>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n \n\n\n### CVSS Metrics\n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References\n\n * <https://player.helixcommunity.org/2005/releases/hx1gold/HX1_0_6ReleaseNotes.html>\n * <http://service.real.com/help/faq/security/050930_player/EN/>\n * <http://www.redhat.com/support/errata/RHSA-2005-788.html>\n * <http://secunia.com/advisories/16954/>\n * <http://secunia.com/advisories/16961/>\n * [http://www.idefense.com/application/poi/display?id=311&type=vulnerabilities&flashstatus=true](<http://www.idefense.com/application/poi/display?id=311&type=vulnerabilities&flashstatus=true>)\n\n### Acknowledgements\n\nThis vulnerability was reported by c0ntexb.\n\nThis document was written by Jeff Gennari.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2005-2710](<http://web.nvd.nist.gov/vuln/detail/CVE-2005-2710>) \n---|--- \n**Severity Metric:** | 12.58 \n**Date Public:** | 2005-09-26 \n**Date First Published:** | 2005-09-28 \n**Date Last Updated: ** | 2005-10-04 19:46 UTC \n**Document Revision: ** | 54 \n", "cvss3": {}, "published": "2005-09-28T00:00:00", "type": "cert", "title": "Helix Player format string vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-2710"], "modified": "2005-10-04T19:46:00", "id": "VU:361181", "href": "https://www.kb.cert.org/vuls/id/361181", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T15:28:07", "description": "### Overview\n\nNumerous RealNetworks products do not properly handle chunked data. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system.\n\n### Description\n\n**RealNetworks RealPlayer**\n\nRealNetworks [RealPlayer](<http://www.real.com/>) is a multimedia application that allows users to view local and remote audio/video content. \n \n**Chunked Encoding** \n \nChunked encoding is a means to transfer variable-sized units of data (called chunks) from a web client to a web server. \n \n**The Problem** \n \nNumerous RealNetworks products fail to properly handle file chunks allowing a buffer overflow to occur. By persuading a user to access a RealPlayer file hosted on a malicious server, a remote attacker may be able to execute arbitrary code. \n \n**Considerations** \n \nA complete list of affected software is available in the [RealNetwork Security Update](<http://service.real.com/realplayer/security/03162006_player/en/>) for March 2006. \n \n--- \n \n### Impact\n\nBy convincing a user to open RealPlayer file hosted on a malicious server, a remote unauthenticated attacker can execute arbitrary code. \n \n--- \n \n### Solution\n\n**Patch RealPlayer**\n\nApply the patches supplied in the [RealNetwork Security Update](<http://service.real.com/realplayer/security/03162006_player/en/>) for March 2006. \n \n--- \n \n**Disable RealPlayer in your web browser**\n\n \nAn attacker may be able to exploit this vulnerability by persuading a user to access a RealPlayer file with a web browser. Disabling RealPlayer in the web browser will eliminate this attack vector thereby reducing the chances of exploitation. \n \nTo disable RealPlayer in Microsoft Internet Explorer, disable the RealPlayer ActiveX control. In other web browsers, such as Mozilla Firefox, disable the RealPlayer plugin. \n \n--- \n \n### Vendor Information\n\n172489\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### RealNetworks, Inc. __ Affected\n\nUpdated: April 05, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee <http://service.real.com/realplayer/security/03162006_player/en/>. \n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23172489 Feedback>).\n\n### Red Hat, Inc. __ Affected\n\nUpdated: May 17, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThis issue affected HelixPlayer in Red Hat Enterprise Linux 4, and RealPlayer in Red Hat Enterprise Linux Extras 3 and 4. Updated packages are available along with our advisories at the URL below and by using the Red Hat Network 'up2date' tool.\n\n<https://rhn.redhat.com/cve/CVE-2005-2922.html>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n \n\n\n### CVSS Metrics\n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References\n\n * <http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404>\n * <http://securitytracker.com/id?1015808>\n * <http://www.service.real.com/realplayer/security/03162006_player/en/>\n * <http://secunia.com/advisories/19358/>\n * <http://secunia.com/advisories/19365/>\n\n### Acknowledgements\n\nThis vulnerability was reported by iDEFENSE Labs.\n\nThis document was written by Jeff Gennari.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2005-2922](<http://web.nvd.nist.gov/vuln/detail/CVE-2005-2922>) \n---|--- \n**Severity Metric:** | 20.20 \n**Date Public:** | 2006-03-23 \n**Date First Published:** | 2006-04-05 \n**Date Last Updated: ** | 2006-05-17 12:45 UTC \n**Document Revision: ** | 33 \n", "cvss3": {}, "published": "2006-04-05T00:00:00", "type": "cert", "title": "RealNetworks products fail to properly handle chunked data", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2922"], "modified": "2006-05-17T12:45:00", "id": "VU:172489", "href": "https://www.kb.cert.org/vuls/id/172489", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-24T12:49:56", "description": "The remote host is missing updates announced in\nadvisory GLSA 200510-07.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200510-07 (realplayer helixplayer)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2710"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:55573", "href": "http://plugins.openvas.org/nasl.php?oid=55573", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"RealPlayer and Helix Player are vulnerable to a format string vulnerability\nresulting in the execution of arbitrary code.\";\ntag_solution = \"All RealPlayer users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/realplayer-10.0.6'\n\nAll Helix Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/helixplayer-1.0.6'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200510-07\nhttp://bugs.gentoo.org/show_bug.cgi?id=107309\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200510-07.\";\n\n \n\nif(description)\n{\n script_id(55573);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2005-2710\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200510-07 (realplayer helixplayer)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-video/realplayer\", unaffected: make_list(\"ge 10.0.6\"), vulnerable: make_list(\"lt 10.0.6\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"media-video/helixplayer\", unaffected: make_list(\"ge 1.0.6\"), vulnerable: make_list(\"lt 1.0.6\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:55", "description": "The remote host is missing an update to helix-player\nannounced via advisory DSA 915-1.\n\nAn integer overflow has been discovered in helix-player, the helix\naudio and video player. This flaw could allow a remote attacker to\nrun arbitrary code on a victims computer by supplying a specially\ncrafted network resource.\n\nThis vulnerability is fixed by version 1.0.6-1 in unstable.\nHelix-player is not currently in the testing distribution.\n\nThe old stable distribution (woody) does not contain a helix-player\npackage.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 915-1 (helix-player)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2629"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:55945", "href": "http://plugins.openvas.org/nasl.php?oid=55945", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_915_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 915-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 1.0.4-1sarge2.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.0.6-1.\n\nWe recommend that you upgrade your helix-player package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20915-1\";\ntag_summary = \"The remote host is missing an update to helix-player\nannounced via advisory DSA 915-1.\n\nAn integer overflow has been discovered in helix-player, the helix\naudio and video player. This flaw could allow a remote attacker to\nrun arbitrary code on a victims computer by supplying a specially\ncrafted network resource.\n\nThis vulnerability is fixed by version 1.0.6-1 in unstable.\nHelix-player is not currently in the testing distribution.\n\nThe old stable distribution (woody) does not contain a helix-player\npackage.\";\n\n\nif(description)\n{\n script_id(55945);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:07:13 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-2629\");\n script_bugtraq_id(15381);\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 915-1 (helix-player)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"helix-player\", ver:\"1.0.4-1sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:19", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: linux-realplayer", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2922"], "modified": "2016-09-22T00:00:00", "id": "OPENVAS:56447", "href": "http://plugins.openvas.org/nasl.php?oid=56447", "sourceData": "#\n#VID fe4c84fc-bdb5-11da-b7d4-00123ffe8333\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: linux-realplayer\n\nCVE-2005-2922\nHeap-based buffer overflow in the embedded player in multiple\nRealNetworks products and versions including RealPlayer 10.x, RealOne\nPlayer, and Helix Player allows remote malicious servers to cause a\ndenial of service (crash) and possibly execute arbitrary code via a\nchunked Transfer-Encoding HTTP response in which either (1) the chunk\nheader length is specified as -1, (2) the chunk header with a length\nthat is less than the actual amount of sent data, or (3) a missing\nchunk header.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://service.real.com/realplayer/security/03162006_player/en/\nhttp://www.idefense.com/intelligence/vulnerabilities/display.php?id=404\nhttp://secunia.com/advisories/19358/\nhttp://www.vuxml.org/freebsd/fe4c84fc-bdb5-11da-b7d4-00123ffe8333.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(56447);\n script_version(\"$Revision: 4128 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-22 07:37:51 +0200 (Thu, 22 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_bugtraq_id(17202);\n script_cve_id(\"CVE-2005-2922\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: linux-realplayer\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"linux-realplayer\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.0.1\")>=0 && revcomp(a:bver, b:\"10.0.6\")<0) {\n txt += 'Package linux-realplayer version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:03", "description": "The remote host is missing an update to helix-player\nannounced via advisory DSA 826-1.\n\nMultiple security vulnerabilities have been identified in the\nhelix-player media player that could allow an attacker to execute code\non the victim's machine via specially crafted network resources.\n\nCVE-2005-1766\nBuffer overflow in the RealText parser could allow remote code\nexecution via a specially crafted RealMedia file with a long\nRealText string.\n\nCVE-2005-2710\nFormat string vulnerability in Real HelixPlayer and RealPlayer 10\nallows remote attackers to execute arbitrary code via the image\nhandle attribute in a RealPix (.rp) or RealText (.rt) file.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 826-1 (helix-player)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1766", "CVE-2005-2710"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:55491", "href": "http://plugins.openvas.org/nasl.php?oid=55491", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_826_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 826-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge), these problems have been fixed in\nversion 1.0.4-1sarge1\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.6-1\n\nWe recommend that you upgrade your helix-player package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20826-1\";\ntag_summary = \"The remote host is missing an update to helix-player\nannounced via advisory DSA 826-1.\n\nMultiple security vulnerabilities have been identified in the\nhelix-player media player that could allow an attacker to execute code\non the victim's machine via specially crafted network resources.\n\nCVE-2005-1766\nBuffer overflow in the RealText parser could allow remote code\nexecution via a specially crafted RealMedia file with a long\nRealText string.\n\nCVE-2005-2710\nFormat string vulnerability in Real HelixPlayer and RealPlayer 10\nallows remote attackers to execute arbitrary code via the image\nhandle attribute in a RealPix (.rp) or RealText (.rt) file.\";\n\n\nif(description)\n{\n script_id(55491);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:03:37 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-1766\", \"CVE-2005-2710\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 826-1 (helix-player)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"helix-player\", ver:\"1.0.4-1sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2023-11-28T14:42:32", "description": "Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the (1) image handle or (2) timeformat attribute in a RealPix (.rp) or RealText (.rt) file.", "cvss3": {}, "published": "2005-09-27T20:03:00", "type": "cve", "title": "CVE-2005-2710", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-2710"], "modified": "2017-10-11T01:30:00", "cpe": ["cpe:/a:realnetworks:realplayer:10.0", "cpe:/a:realnetworks:helix_player:*"], "id": "CVE-2005-2710", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2710", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:realnetworks:helix_player:*:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-28T14:43:25", "description": "Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header.", "cvss3": {}, "published": "2005-12-31T05:00:00", "type": "cve", "title": "CVE-2005-2922", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2922"], "modified": "2017-10-11T01:30:00", "cpe": ["cpe:/a:realnetworks:realplayer:10.0.5", "cpe:/a:realnetworks:helix_player:10.0.1", "cpe:/a:realnetworks:realone_player:1.0", "cpe:/a:realnetworks:realplayer:8.0", "cpe:/a:realnetworks:realone_player:0.297", "cpe:/a:realnetworks:realplayer:10.0", "cpe:/a:realnetworks:realone_player:2.0", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1053", "cpe:/a:realnetworks:helix_player:10.0.2", "cpe:/a:realnetworks:realone_player:*", "cpe:/a:realnetworks:realplayer:10.0.3", "cpe:/a:realnetworks:realplayer:10.5", "cpe:/a:realnetworks:helix_player:10.0.3", "cpe:/a:realnetworks:helix_player:10.0.4", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1059", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1056", "cpe:/a:realnetworks:realplayer:10.0.2", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1040", "cpe:/a:realnetworks:rhapsody:3.0", "cpe:/a:realnetworks:helix_player:10.0.6", "cpe:/a:realnetworks:realplayer:10.0.0.305", "cpe:/a:realnetworks:helix_player:10.0.5", "cpe:/a:realnetworks:realplayer:10.0.4", "cpe:/a:realnetworks:realplayer:10.0.0.331", "cpe:/a:realnetworks:helix_player:10.0", "cpe:/a:realnetworks:rhapsody:3.0_build_0.815", "cpe:/a:realnetworks:realplayer:10.0.6", "cpe:/a:realnetworks:realplayer:10.0.1", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1069", "cpe:/a:realnetworks:realone_player:0.288", "cpe:/a:realnetworks:realplayer:*", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1235"], "id": "CVE-2005-2922", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2922", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:realnetworks:helix_player:10.0.2:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0.5:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0.0.305:*:mac_os:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0.6:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1056:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:10.0.6:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1053:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0.0.331:*:mac_os:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0.3:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:10.0.1:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:10.0.4:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:*:*:enterprise:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:10.0.3:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:rhapsody:3.0_build_0.815:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0.4:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1235:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0.1:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:10.0.5:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0.2:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realone_player:0.288:*:mac_os_x:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1059:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:10.0:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:rhapsody:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realone_player:0.297:*:mac_os_x:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:8.0:*:win32:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1069:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realone_player:*:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-28T14:42:15", "description": "Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player 1 and 2, and Helix Player 10.0.0 allows remote attackers to execute arbitrary code via an .rm movie file with a large value in the length field of the first data packet, which leads to a stack-based buffer overflow, a different vulnerability than CVE-2004-1481.", "cvss3": {}, "published": "2005-11-18T23:03:00", "type": "cve", "title": "CVE-2005-2629", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2004-1481", "CVE-2005-2629"], "modified": "2018-05-03T01:29:00", "cpe": ["cpe:/a:realnetworks:helix_player:1.0.2", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1235", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1059", "cpe:/a:realnetworks:helix_player:1.0", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1053", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1056", "cpe:/a:realnetworks:helix_player:1.0.1", "cpe:/a:realnetworks:helix_player:1.0.4", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1040", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1069", "cpe:/a:realnetworks:realplayer:*", "cpe:/a:realnetworks:realone_player:1.0", "cpe:/a:realnetworks:helix_player:1.0.5", "cpe:/a:realnetworks:realplayer:8.0", "cpe:/a:realnetworks:realplayer:10.0", "cpe:/a:realnetworks:realplayer:10.5", "cpe:/a:realnetworks:helix_player:1.0.3", "cpe:/a:realnetworks:realone_player:2.0"], "id": "CVE-2005-2629", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2629", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:realnetworks:realplayer:10.0:*:mac_os_x:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:1.0.4:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1056:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1053:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:1.0.2:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:1.0.1:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:*:*:enterprise:*:*:*:*:*", "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1235:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1059:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:1.0:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:1.0.5:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:1.0.3:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:8.0:*:win32:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1069:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-28T14:46:30", "description": "Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote attackers to execute arbitrary code via a crafted image in a RealPlayer Skin (RJS) file. NOTE: due to the lack of details, it is unclear how this is different than CVE-2005-2629 and CVE-2005-2630, but the vendor advisory implies that it is different.", "cvss3": {}, "published": "2005-11-18T23:03:00", "type": "cve", "title": "CVE-2005-3677", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-2629", "CVE-2005-2630", "CVE-2005-3677"], "modified": "2016-10-18T03:36:00", "cpe": ["cpe:/a:realnetworks:realplayer:10.5_6.0.12.1059", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1056", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1053", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1040", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1069", "cpe:/a:realnetworks:realplayer:10.0", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1235"], "id": "CVE-2005-3677", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3677", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1059:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1069:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1056:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1053:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1235:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*"]}], "checkpoint_advisories": [{"lastseen": "2021-12-17T12:43:32", "description": "RealPlayer and Helix Player are media players developed by RealNetworks, Inc. These applications are capable of playing back numerous multimedia file formats. They support a streaming slide show technology called RealPix that allows for the creation of presentations that include image content. The RealPix format is a proprietary RealNetworks multimedia format. A format string vulnerability exists in the RealNetworks RealPlayer and Helix Player products. A remote user may exploit this flaw by supplying a crafted RealPix multimedia file to a vulnerable target. The vulnerability may be exploited to divert process flow of the vulnerable application and execute arbitrary code in the security context of the current user running the vulnerable product. In an unsuccessful code injection attack case, the vulnerable application may unexpectedly terminate as a result. In a successful attack scenario, arbitrary code may be injected and executed on the target system. In such a case, the behaviour of the target system is dependent on the intent of the malicious code.", "cvss3": {}, "published": "2009-10-11T00:00:00", "type": "checkpoint_advisories", "title": "RealNetworks RealPlayer Error Message Format String (CVE-2005-2710)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-2710"], "modified": "2009-10-11T00:00:00", "id": "CPAI-2005-305", "href": "", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2021-06-08T18:40:21", "description": "The following security issue in RealPlayer was fixed: - A format string bug in the RealPix (.rp) file format parser (CAN-2005-2710). This bug allowed remote attackers to execute arbitrary code by supplying a specially crafted file, e.g via Web page or E-Mail. Note that we no longer support RealPlayer on the following distributions for some time now: - SUSE Linux 9.1 - SUSE Linux 9.0 - SUSE Linux Desktop 1.0 On these distributions, please deinstall RealPlayer by running as root: rpm -e RealPlayer 2) Solution or Work-Around\n#### Solution\nThere is no known workaround, please install the update packages.", "cvss3": {}, "published": "2005-10-10T13:36:54", "type": "suse", "title": "remote code execution in RealPlayer", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2005-2710"], "modified": "2005-10-10T13:36:54", "id": "SUSE-SA:2005:059", "href": "http://lists.opensuse.org/opensuse-security-announce/2005-10/msg00011.html", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:40:21", "description": "This update fixes the following security problems in Realplayer:\n#### Solution\nThere is no known workaround, please install the update packages.", "cvss3": {}, "published": "2006-03-23T12:04:47", "type": "suse", "title": "remote code execution in RealPlayer", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2005-2922", "CVE-2006-0323"], "modified": "2006-03-23T12:04:47", "id": "SUSE-SA:2006:018", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-03/msg00016.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "osv": [{"lastseen": "2022-07-21T08:20:51", "description": "\nAn integer overflow has been discovered in helix-player, the helix\naudio and video player. This flaw could allow a remote attacker to\nrun arbitrary code on a victims computer by supplying a specially\ncrafted network resource.\n\n\nThe old stable distribution (woody) does not contain a helix-player\npackage.\n\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.0.4-1sarge2.\n\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.0.6-1.\n\n\nWe recommend that you upgrade your helix-player package.\n\n\n", "cvss3": {}, "published": "2005-12-02T00:00:00", "type": "osv", "title": "helix-player - buffer overflow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-2629"], "modified": "2022-07-21T05:51:32", "id": "OSV:DSA-915-1", "href": "https://osv.dev/vulnerability/DSA-915-1", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T07:16:46", "description": "\nMultiple security vulnerabilities have been identified in the\nhelix-player media player that could allow an attacker to execute code\non the victim's machine via specially crafted network resources.\n\n\n* [CAN-2005-1766](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1766)\nBuffer overflow in the RealText parser could allow remote code\n execution via a specially crafted RealMedia file with a long\n RealText string.\n* [CAN-2005-2710](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2710)\nFormat string vulnerability in Real HelixPlayer and RealPlayer 10\n allows remote attackers to execute arbitrary code via the image\n handle attribute in a RealPix (.rp) or RealText (.rt) file.\n\n\nFor the stable distribution (sarge), these problems have been fixed in\nversion 1.0.4-1sarge1\n\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.6-1\n\n\nWe recommend that you upgrade your helix-player package.\n\n\nhelix-player was distributed only on the i386 and powerpc architectures\n\n\n", "cvss3": {}, "published": "2005-09-29T00:00:00", "type": "osv", "title": "helix-player - multiple", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-1766", "CVE-2005-2710"], "modified": "2022-08-10T07:16:45", "id": "OSV:DSA-826-1", "href": "https://osv.dev/vulnerability/DSA-826-1", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-10-22T02:54:07", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 915-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nDecember 2nd, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : helix-player\nVulnerability : buffer overflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2005-2629\nBugTraq ID : 15381\n\nAn integer overflow has been discovered in helix-player, the helix\naudio and video player. This flaw could allow a remote attacker to\nrun arbitrary code on a victims computer by supplying a specially\ncrafted network resource.\n\nThis vulnerability is fixed by version 1.0.6-1 in unstable.\nHelix-player is not currently in the testing distribution.\n\nThe old stable distribution (woody) does not contain a helix-player\npackage.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.0.4-1sarge2.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.0.6-1.\n\nWe recommend that you upgrade your helix-player package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge2.dsc\n Size/MD5 checksum: 908 5abe49b8d746b78b1f70016382d44a35\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge2.diff.gz\n Size/MD5 checksum: 9113 b7103af4ca93cb52cd548a4f7da43c3b\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4.orig.tar.gz\n Size/MD5 checksum: 18044552 a277710be35426b317869503a4ad36d7\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge2_i386.deb\n Size/MD5 checksum: 4289142 afe49d505b51edefe6b66e92720e9a62\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge2_powerpc.deb\n Size/MD5 checksum: 4415648 9a9ad7733abed7ffcd6c69ce366d576c\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2005-12-02T06:35:30", "type": "debian", "title": "[SECURITY] [DSA 915-1] New helix-player packages fix arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-2629"], "modified": "2005-12-02T06:35:30", "id": "DEBIAN:DSA-915-1:F05AD", "href": "https://lists.debian.org/debian-security-announce/2005/msg00316.html", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T13:54:28", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 915-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nDecember 2nd, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : helix-player\nVulnerability : buffer overflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2005-2629\nBugTraq ID : 15381\n\nAn integer overflow has been discovered in helix-player, the helix\naudio and video player. This flaw could allow a remote attacker to\nrun arbitrary code on a victims computer by supplying a specially\ncrafted network resource.\n\nThis vulnerability is fixed by version 1.0.6-1 in unstable.\nHelix-player is not currently in the testing distribution.\n\nThe old stable distribution (woody) does not contain a helix-player\npackage.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.0.4-1sarge2.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.0.6-1.\n\nWe recommend that you upgrade your helix-player package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge2.dsc\n Size/MD5 checksum: 908 5abe49b8d746b78b1f70016382d44a35\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge2.diff.gz\n Size/MD5 checksum: 9113 b7103af4ca93cb52cd548a4f7da43c3b\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4.orig.tar.gz\n Size/MD5 checksum: 18044552 a277710be35426b317869503a4ad36d7\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge2_i386.deb\n Size/MD5 checksum: 4289142 afe49d505b51edefe6b66e92720e9a62\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge2_powerpc.deb\n Size/MD5 checksum: 4415648 9a9ad7733abed7ffcd6c69ce366d576c\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2005-12-02T06:35:30", "type": "debian", "title": "[SECURITY] [DSA 915-1] New helix-player packages fix arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-2629"], "modified": "2005-12-02T06:35:30", "id": "DEBIAN:DSA-915-1:5BCBD", "href": "https://lists.debian.org/debian-security-announce/2005/msg00316.html", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-22T03:08:28", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 826-1 security@debian.org\nhttp://www.debian.org/security/ Michael Stone\nSeptember 29th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : helix-player\nVulnerability : multiple\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CAN-2005-1766 CAN-2005-2710\nDebian Bug : 316276 330364\n\nMultiple security vulnerabilities have been identified in the\nhelix-player media player that could allow an attacker to execute code\non the victim's machine via specially crafted network resources.\n\nCAN-2005-1766\n\n Buffer overflow in the RealText parser could allow remote code\n execution via a specially crafted RealMedia file with a long\n RealText string.\n\nCAN-2005-2710\n\n Format string vulnerability in Real HelixPlayer and RealPlayer 10\n allows remote attackers to execute arbitrary code via the image\n handle attribute in a RealPix (.rp) or RealText (.rt) file.\n\nFor the stable distribution (sarge), these problems have been fixed in\nversion 1.0.4-1sarge1\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.6-1\n\nWe recommend that you upgrade your helix-player package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\nhelix-player was distributed only on the i386 and powerpc architecures\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1.dsc\n Size/MD5 checksum: 908 6ff062a280bab4db79c04e08278e28d6\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1.diff.gz\n Size/MD5 checksum: 7788 1e3280253e2d60701b28b153863b2fd0\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4.orig.tar.gz\n Size/MD5 checksum: 18044552 a277710be35426b317869503a4ad36d7\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1_i386.deb\n Size/MD5 checksum: 4289094 b3d2934818a2139f309f77e4acd50e3d\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1_powerpc.deb\n Size/MD5 checksum: 4415404 f771482fd671da4848d6a496df128f69\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2005-09-29T23:56:37", "type": "debian", "title": "[SECURITY] [DSA 826-1] New helix-player packages fix multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-1766", "CVE-2005-2710"], "modified": "2005-09-29T23:56:37", "id": "DEBIAN:DSA-826-1:FD2FD", "href": "https://lists.debian.org/debian-security-announce/2005/msg00218.html", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T14:11:02", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 826-1 security@debian.org\nhttp://www.debian.org/security/ Michael Stone\nSeptember 29th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : helix-player\nVulnerability : multiple\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CAN-2005-1766 CAN-2005-2710\nDebian Bug : 316276 330364\n\nMultiple security vulnerabilities have been identified in the\nhelix-player media player that could allow an attacker to execute code\non the victim's machine via specially crafted network resources.\n\nCAN-2005-1766\n\n Buffer overflow in the RealText parser could allow remote code\n execution via a specially crafted RealMedia file with a long\n RealText string.\n\nCAN-2005-2710\n\n Format string vulnerability in Real HelixPlayer and RealPlayer 10\n allows remote attackers to execute arbitrary code via the image\n handle attribute in a RealPix (.rp) or RealText (.rt) file.\n\nFor the stable distribution (sarge), these problems have been fixed in\nversion 1.0.4-1sarge1\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.6-1\n\nWe recommend that you upgrade your helix-player package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\nhelix-player was distributed only on the i386 and powerpc architecures\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1.dsc\n Size/MD5 checksum: 908 6ff062a280bab4db79c04e08278e28d6\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1.diff.gz\n Size/MD5 checksum: 7788 1e3280253e2d60701b28b153863b2fd0\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4.orig.tar.gz\n Size/MD5 checksum: 18044552 a277710be35426b317869503a4ad36d7\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1_i386.deb\n Size/MD5 checksum: 4289094 b3d2934818a2139f309f77e4acd50e3d\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1_powerpc.deb\n Size/MD5 checksum: 4415404 f771482fd671da4848d6a496df128f69\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2005-09-29T23:56:37", "type": "debian", "title": "[SECURITY] [DSA 826-1] New helix-player packages fix multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-1766", "CVE-2005-2710"], "modified": "2005-09-29T23:56:37", "id": "DEBIAN:DSA-826-1:B8F64", "href": "https://lists.debian.org/debian-security-announce/2005/msg00218.html", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "saint": [{"lastseen": "2016-10-03T15:01:59", "description": "Added: 03/31/2006 \nCVE: [CVE-2005-2922](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2922>) \nBID: [17202](<http://www.securityfocus.com/bid/17202>) \nOSVDB: [24062](<http://www.osvdb.org/24062>) \n\n\n### Background\n\nRealPlayer, RealOne Player, and Helix Player include an embedded player which plays media embedded in a web page. \n\n### Problem\n\nA chunked HTTP response containing an invalid or missing chunk header results in a heap overflow, leading to command execution. \n\n### Resolution\n\nUse the _Check for Update_ feature to upgrade to the latest version of RealPlayer, RealOne Player, or Helix Player. \n\n### References\n\n<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404> \n\n\n### Limitations\n\nExploit works on RealPlayer 10.5 (6.0.12.1348). In order for the exploit to run, a user must load the exploit page in Internet Explorer. \n\n### Platforms\n\nWindows 2000 \nWindows XP \n \n\n", "cvss3": {}, "published": "2006-03-31T00:00:00", "type": "saint", "title": "RealPlayer invalid chunk header heap overflow", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2005-2922"], "modified": "2006-03-31T00:00:00", "id": "SAINT:CB07D6C943AA2B34E7B85CB005E75063", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/realplayer_chunk_header", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-07-28T14:33:28", "description": "Added: 03/31/2006 \nCVE: [CVE-2005-2922](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2922>) \nBID: [17202](<http://www.securityfocus.com/bid/17202>) \nOSVDB: [24062](<http://www.osvdb.org/24062>) \n\n\n### Background\n\nRealPlayer, RealOne Player, and Helix Player include an embedded player which plays media embedded in a web page. \n\n### Problem\n\nA chunked HTTP response containing an invalid or missing chunk header results in a heap overflow, leading to command execution. \n\n### Resolution\n\nUse the _Check for Update_ feature to upgrade to the latest version of RealPlayer, RealOne Player, or Helix Player. \n\n### References\n\n<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404> \n\n\n### Limitations\n\nExploit works on RealPlayer 10.5 (6.0.12.1348). In order for the exploit to run, a user must load the exploit page in Internet Explorer. \n\n### Platforms\n\nWindows 2000 \nWindows XP \n \n\n", "cvss3": {}, "published": "2006-03-31T00:00:00", "type": "saint", "title": "RealPlayer invalid chunk header heap overflow", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2922"], "modified": "2006-03-31T00:00:00", "id": "SAINT:74F1BEDE6E32D2B82819435F2160B116", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/realplayer_chunk_header", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-20T18:50:11", "description": "Added: 03/31/2006 \nCVE: [CVE-2005-2922](<https://vulners.com/cve/CVE-2005-2922>) \nBID: [17202](<http://www.securityfocus.com/bid/17202>) \nOSVDB: [24062](<http://www.osvdb.org/24062>) \n\n\n### Background\n\nRealPlayer, RealOne Player, and Helix Player include an embedded player which plays media embedded in a web page. \n\n### Problem\n\nA chunked HTTP response containing an invalid or missing chunk header results in a heap overflow, leading to command execution. \n\n### Resolution\n\nUse the _Check for Update_ feature to upgrade to the latest version of RealPlayer, RealOne Player, or Helix Player. \n\n### References\n\n<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404> \n\n\n### Limitations\n\nExploit works on RealPlayer 10.5 (6.0.12.1348). In order for the exploit to run, a user must load the exploit page in Internet Explorer. \n\n### Platforms\n\nWindows 2000 \nWindows XP \n \n\n", "cvss3": {}, "published": "2006-03-31T00:00:00", "type": "saint", "title": "RealPlayer invalid chunk header heap overflow", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2922"], "modified": "2006-03-31T00:00:00", "id": "SAINT:32AF98CF80A27AB194B608D45186A636", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/realplayer_chunk_header", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T16:46:34", "description": "Added: 03/31/2006 \nCVE: [CVE-2005-2922](<https://vulners.com/cve/CVE-2005-2922>) \nBID: [17202](<http://www.securityfocus.com/bid/17202>) \nOSVDB: [24062](<http://www.osvdb.org/24062>) \n\n\n### Background\n\nRealPlayer, RealOne Player, and Helix Player include an embedded player which plays media embedded in a web page. \n\n### Problem\n\nA chunked HTTP response containing an invalid or missing chunk header results in a heap overflow, leading to command execution. \n\n### Resolution\n\nUse the _Check for Update_ feature to upgrade to the latest version of RealPlayer, RealOne Player, or Helix Player. \n\n### References\n\n<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404> \n\n\n### Limitations\n\nExploit works on RealPlayer 10.5 (6.0.12.1348). In order for the exploit to run, a user must load the exploit page in Internet Explorer. \n\n### Platforms\n\nWindows 2000 \nWindows XP \n \n\n", "cvss3": {}, "published": "2006-03-31T00:00:00", "type": "saint", "title": "RealPlayer invalid chunk header heap overflow", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2922"], "modified": "2006-03-31T00:00:00", "id": "SAINT:7A58BDE9BDCCED73750F291E450DEC53", "href": "https://download.saintcorporation.com/cgi-bin/exploit_info/realplayer_chunk_header", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2023-11-28T16:45:29", "description": "\n\niDefense Reports:\n\nRemote exploitation of a heap-based buffer overflow in\n\t RealNetwork Inc's RealPlayer could allow the execution of\n\t arbitrary code in the context of the currently logged in\n\t user.\nIn order to exploit this vulnerability, an attacker would\n\t need to entice a user to follow a link to a malicious server.\n\t Once the user visits a website under the control of an\n\t attacker, it is possible in a default install of RealPlayer\n\t to force a web-browser to use RealPlayer to connect to an\n\t arbitrary server, even when it is not the default application\n\t for handling those types, by the use of embedded object tags\n\t in a webpage. This may allow automated exploitation when the\n\t page is viewed.\n\n\n", "cvss3": {}, "published": "2006-03-23T00:00:00", "type": "freebsd", "title": "linux-realplayer -- heap overflow", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2922"], "modified": "2006-03-23T00:00:00", "id": "FE4C84FC-BDB5-11DA-B7D4-00123FFE8333", "href": "https://vuxml.freebsd.org/freebsd/fe4c84fc-bdb5-11da-b7d4-00123ffe8333.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntucve": [{"lastseen": "2023-11-28T16:05:34", "description": "Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player\n1 and 2, and Helix Player 10.0.0 allows remote attackers to execute\narbitrary code via an .rm movie file with a large value in the length field\nof the first data packet, which leads to a stack-based buffer overflow, a\ndifferent vulnerability than CVE-2004-1481.", "cvss3": {}, "published": "2005-11-18T00:00:00", "type": "ubuntucve", "title": "CVE-2005-2629", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2004-1481", "CVE-2005-2629"], "modified": "2005-11-18T00:00:00", "id": "UB:CVE-2005-2629", "href": "https://ubuntu.com/security/CVE-2005-2629", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}]}
HelixPlayer security update
