Lucene search

K
cveMitreCVE-2006-0323
HistoryMar 23, 2006 - 11:06 p.m.

CVE-2006-0323

2006-03-2323:06:00
CWE-119
mitre
web.nvd.nist.gov
38
cve-2006-0323
buffer overflow
swfformat.dll
realnetworks
remote code execution
crafted swf files

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.968

Percentile

99.7%

Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.

Affected configurations

Nvd
Node
realnetworkshelix_player
OR
realnetworksrealone_player
OR
realnetworksrealplayerMatch10.0gold
OR
realnetworksrealplayerMatch10.0.6
OR
realnetworksrealplayerMatch10.5
OR
realnetworksrhapsodyMatch3
VendorProductVersionCPE
realnetworkshelix_player*cpe:2.3:a:realnetworks:helix_player:*:*:*:*:*:*:*:*
realnetworksrealone_player*cpe:2.3:a:realnetworks:realone_player:*:*:*:*:*:*:*:*
realnetworksrealplayer10.0cpe:2.3:a:realnetworks:realplayer:10.0:gold:*:*:*:*:*:*
realnetworksrealplayer10.0.6cpe:2.3:a:realnetworks:realplayer:10.0.6:*:*:*:*:*:*:*
realnetworksrealplayer10.5cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*
realnetworksrhapsody3cpe:2.3:a:realnetworks:rhapsody:3:*:*:*:*:*:*:*

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.968

Percentile

99.7%