CVE-2007-2263

2007-10-3117:46:00

CWE-119

[email protected]

web.nvd.nist.gov

realnetworks

realplayer

buffer overflow

security vulnerability

swf

flash

nvd

cve-2007-2263

8 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.959 High

EPSS

Percentile

99.4%

JSON

Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF (Flash) file with malformed record headers.

CPENameOperatorVersion
realnetworks:realplayerrealnetworks realplayereq10.0
realnetworks:realplayerrealnetworks realplayereq10.5
realnetworks:realone_playerrealnetworks realone playereq2.0
realnetworks:realplayer_enterpriserealnetworks realplayer enterpriseeq*
realnetworks:realplayerrealnetworks realplayereq10.1
realnetworks:realone_playerrealnetworks realone playereq*

CPE	Name	Operator	Version
realnetworks:realplayer	realnetworks realplayer	eq	10.0
realnetworks:realplayer	realnetworks realplayer	eq	10.5
realnetworks:realone_player	realnetworks realone player	eq	2.0
realnetworks:realplayer_enterprise	realnetworks realplayer enterprise	eq	*
realnetworks:realplayer	realnetworks realplayer	eq	10.1
realnetworks:realone_player	realnetworks realone player	eq	*