9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.96 High
EPSS
Percentile
99.5%
Secunia reports:
Multiple vulnerabilities have been reported in
RealPlayer/RealOne/HelixPlayer, which can be exploited by malicious
people to compromise a user’s system.
An input validation error when processing .RA/.RAM files can be
exploited to cause a heap corruption via a specially crafted
.RA/.RAM file with an overly large size field in the header.
An error in the processing of .PLS files can be exploited to cause
a memory corruption and execute arbitrary code via a specially
crafted .PLS file.
An input validation error when parsing .SWF files can be exploited
to cause a buffer overflow via a specially crafted .SWF file with
malformed record headers.
A boundary error when processing rm files can be exploited to
cause a buffer overflow.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | linux-realplayer | = 10.0.5 | UNKNOWN |
FreeBSD | any | noarch | linux-realplayer | < 10.0.9.809.20070726 | UNKNOWN |