iDefense Reports:
Remote exploitation of a heap-based buffer overflow in
RealNetwork Inc's RealPlayer could allow the execution of
arbitrary code in the context of the currently logged in
user.
In order to exploit this vulnerability, an attacker would
need to entice a user to follow a link to a malicious server.
Once the user visits a website under the control of an
attacker, it is possible in a default install of RealPlayer
to force a web-browser to use RealPlayer to connect to an
arbitrary server, even when it is not the default application
for handling those types, by the use of embedded object tags
in a webpage. This may allow automated exploitation when the
page is viewed.
{"id": "FE4C84FC-BDB5-11DA-B7D4-00123FFE8333", "vendorId": null, "type": "freebsd", "bulletinFamily": "unix", "title": "linux-realplayer -- heap overflow", "description": "\n\niDefense Reports:\n\nRemote exploitation of a heap-based buffer overflow in\n\t RealNetwork Inc's RealPlayer could allow the execution of\n\t arbitrary code in the context of the currently logged in\n\t user.\nIn order to exploit this vulnerability, an attacker would\n\t need to entice a user to follow a link to a malicious server.\n\t Once the user visits a website under the control of an\n\t attacker, it is possible in a default install of RealPlayer\n\t to force a web-browser to use RealPlayer to connect to an\n\t arbitrary server, even when it is not the default application\n\t for handling those types, by the use of embedded object tags\n\t in a webpage. This may allow automated exploitation when the\n\t page is viewed.\n\n\n", "published": "2006-03-23T00:00:00", "modified": "2006-03-23T00:00:00", "epss": [{"cve": "CVE-2005-2922", "epss": 0.02392, "percentile": 0.88706, "modified": "2023-11-27"}], "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 9.3}, "severity": "HIGH", "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {}, "href": "https://vuxml.freebsd.org/freebsd/fe4c84fc-bdb5-11da-b7d4-00123ffe8333.html", "reporter": "FreeBSD", "references": ["http://service.real.com/realplayer/security/03162006_player/en/", "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404", "http://secunia.com/advisories/19358/"], "cvelist": ["CVE-2005-2922"], "immutableFields": [], "lastseen": "2023-11-28T16:45:29", "viewCount": 10, "enchantments": {"dependencies": {"references": [{"type": "centos", "idList": ["CESA-2005:788"]}, {"type": "cert", "idList": ["VU:172489"]}, {"type": "cve", "idList": ["CVE-2005-2922"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2005-788.NASL", "FREEBSD_PKG_FE4C84FCBDB511DAB7D400123FFE8333.NASL", "REALPLAYER_6_0_12_1483.NASL", "REDHAT-RHSA-2005-762.NASL", "REDHAT-RHSA-2005-788.NASL", "SUSE_SA_2006_018.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:56447"]}, {"type": "redhat", "idList": ["RHSA-2005:762", "RHSA-2005:788"]}, {"type": "saint", "idList": ["SAINT:32AF98CF80A27AB194B608D45186A636", "SAINT:74F1BEDE6E32D2B82819435F2160B116", "SAINT:7A58BDE9BDCCED73750F291E450DEC53", "SAINT:CB07D6C943AA2B34E7B85CB005E75063"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:11910", "SECURITYVULNS:DOC:11925"]}, {"type": "suse", "idList": ["SUSE-SA:2006:018"]}]}, "score": {"value": 7.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2005:788"]}, {"type": "cert", "idList": ["VU:172489"]}, {"type": "cve", "idList": ["CVE-2005-2922"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2005-788.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:56447"]}, {"type": "redhat", "idList": ["RHSA-2005:788"]}, {"type": "saint", "idList": ["SAINT:32AF98CF80A27AB194B608D45186A636"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:11910"]}, {"type": "suse", "idList": ["SUSE-SA:2006:018"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2005-2922", "epss": 0.02392, "percentile": 0.88254, "modified": "2023-05-08"}], "vulnersScore": 7.3}, "_state": {"dependencies": 1701190290, "score": 1701190024, "epss": 0}, "_internal": {"score_hash": "4c42bbecd86a1429bc148d61618d61e9"}, "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "packageVersion": "10.0.1", "operator": "eq", "packageFilename": "UNKNOWN", "packageName": "linux-realplayer"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "packageVersion": "10.0.6", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "linux-realplayer"}]}
{"securityvulns": [{"lastseen": "2018-08-31T11:10:16", "description": "RealNetworks RealPlayer and Helix Player Invalid Chunk Size Heap \r\nOverflow Vulnerability\r\n\r\niDefense Security Advisory 03.23.06\r\nhttp://www.idefense.com/intelligence/vulnerabilities/display.php?id=404\r\nMarch 23, 2006\r\n\r\nI. BACKGROUND\r\n\r\nRealPlayer is an application for playing various media formats,\r\ndeveloped by RealNetworks Inc. For more information, visit\r\nhttp://www.real.com/.\r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of a heap-based buffer overflow in RealNetwork Inc's\r\nRealPlayer could allow the execution of arbitrary code in the context of\r\nthe currently logged in user.\r\n\r\nThe vulnerability specifically exists in the handling of the 'chunked'\r\nTransfer-Encoding method. This method breaks the file the server is\r\nsending up into 'chunks'. For each chunk, the server first sends the\r\nlength of the chunk in hexadecimal, followed by the chunk data. This is\r\nrepeated until there are no more chunks. The server then sends a chunk\r\nlength of 0 indicating the end of the transfer.\r\n\r\nThere are multiple ways of triggering this vulnerability.\r\n\r\n * Sending a well-formed chunk header with a length of -1 (FFFFFFFF)\r\n followed by malicious data.\r\n * Sending a well-formed chunk header with a length specified which \r\nis less\r\n than the amount of data that will be sent,\r\n followed by malicious data.\r\n * Not sending a chunk header before sending malicious data.\r\n\r\nEach of these cases result in a heap overflow. Depending on the versions\r\nused, certain of these cases will not cause exploitable issues. However,\r\nthe last case appears to be reliable in triggering a crash.\r\n\r\nIII. ANALYSIS\r\n\r\nSuccessful exploitation allows a remote attacker to execute arbitrary\r\ncode with the privileges of the currently logged in user. In order to\r\nexploit this vulnerability, an attacker would need to entice a user to\r\nfollow a link to a malicious server. Once the user visits a website\r\nunder the control of an attacker, it is possible in a default install of\r\nRealPlayer to force a web-browser to use RealPlayer to connect to an\r\narbitrary server, even when it is not the default application for\r\nhandling those types, by the use of embedded object tags in a webpage.\r\nThis may allow automated exploitation when the page is viewed.\r\n\r\nAs the client sends its version information as part of the request, it\r\nwould be possible for an attacker to create a malicious server which\r\nuses the appropriate offsets and shellcode for each version and platform\r\nof the client.\r\n\r\nIV. DETECTION\r\n\r\niDefense has confirmed the existence of this vulnerability in RealPlayer\r\nVersion 10.4 and 10.5 for Windows and Both RealPlayer 10.4 and Helix\r\nPlayer 1.4 for Linux.\r\n\r\nThe vendor has stated that the following versions are vulnerable:\r\n * RealPlayer 10.5 (6.0.12.1040-1348)\r\n * RealPlayer 10\r\n * RealOne Player v2\r\n * RealOne Player v1\r\n * RealPlayer 8\r\n\r\nIt is suspected that previous versions of RealPlayer and Helix Player\r\nare affected by this vulnerability.\r\n\r\nV. WORKAROUND\r\n\r\nAlthough there is no way to completely protect yourself from this\r\nvulnerability, aside from removing the RealPlayer software, the\r\nfollowing actions may be taken to minimize the risk of automated\r\nexploitation.\r\n\r\nDisable ActiveX controls and plugins, if not necessary for daily\r\noperations, using the following steps:\r\n\r\n1. In IE, click on Tools and select Internet Options from the drop-down \r\nmenu.\r\n2. Click the Security tab and the Custom Level button.\r\n3. Under ActiveX Controls and Plugins, then Run Activex Controls and \r\nPlugins,\r\nclick the Disable radio button.\r\n\r\nIn general, exploitation requires that a targeted user be socially\r\nengineered into visiting a link to a server controlled by an attacker.\r\nAs such, do not visit unknown/untrusted website and do not follow\r\nsuspicious links.\r\n\r\nWhen possible, run client software, especially applications such as IM\r\nclients, web browsers and e-mail clients, from regular user accounts\r\nwith limited access to system resources. This may limit the immediate\r\nconsequences of client-side vulnerabilities such as this.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nInformation from the vendor about this vulnerability is available at to\r\nfollowing URL:\r\n\r\n http://service.real.com/realplayer/security/03162006_player/en/\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CAN-2005-2922 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n09/08/2005 Initial vendor notification\r\n09/09/2005 Initial vendor response\r\n03/23/2006 Public disclosure\r\n\r\nIX. CREDIT\r\n\r\nThis vulnerability was found internally by Greg MacManus of iDefense Labs.\r\n\r\nGet paid for vulnerability research\r\nhttp://www.idefense.com/poi/teams/vcp.jsp\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright (c) 2006 iDefense, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically, please\r\nemail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\nThere are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct, indirect,\r\nor consequential loss or damage arising from use of, or reliance on,\r\nthis information.\r\n\r\n\r\n", "cvss3": {}, "published": "2006-03-24T00:00:00", "type": "securityvulns", "title": "iDefense Security Advisory 03.23.06: RealNetworks RealPlayer and Helix Player Invalid Chunk Size Heap Overflow Vulnerability", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2005-2922"], "modified": "2006-03-24T00:00:00", "id": "SECURITYVULNS:DOC:11925", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:11925", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:16", "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n______________________________________________________________________________\r\n\r\n SUSE Security Announcement\r\n\r\n Package: RealPlayer\r\n Announcement ID: SUSE-SA:2006:018\r\n Date: Thu, 23 Mar 2006 12:00:00 +0000\r\n Affected Products: Novell Linux Desktop 9\r\n SUSE LINUX 10.0\r\n SUSE LINUX 9.3\r\n SUSE LINUX 9.2\r\n Vulnerability Type: remote code execution\r\n Severity (1-10): 8\r\n SUSE Default Package: yes\r\n Cross-References: CVE-2005-2922, CVE-2006-0323\r\n\r\n Content of This Advisory:\r\n 1) Security Vulnerability Resolved:\r\n realplayer security problems\r\n Problem Description\r\n 2) Solution or Work-Around\r\n 3) Special Instructions and Notes\r\n 4) Package Location and Checksums\r\n 5) Pending Vulnerabilities, Solutions, and Work-Arounds:\r\n See SUSE Security Summary Report.\r\n 6) Authenticity Verification and Additional Information\r\n\r\n______________________________________________________________________________\r\n\r\n1) Problem Description and Brief Discussion\r\n\r\n This update fixes the following security problems in Realplayer:\r\n\r\n - Specially crafted SWF files could cause a buffer overflow and\r\n crash RealPlayer (CVE-2006-0323).\r\n\r\n - Specially crafted web sites could cause heap overflow and lead to\r\n executing arbitrary code (CVE-2005-2922). This was already fixed\r\n with the previously released 1.0.6 version, but not announced on\r\n request of Real.\r\n\r\n The advisory for these problems is on this page at Real:\r\n http://service.real.com/realplayer/security/03162006_player/en/\r\n\r\n SUSE Linux 9.2 up to 10.0 and Novell Linux Desktop 9 are affected by\r\n this problem and receive fixed packages.\r\n\r\n If you are still using Realplayer on SUSE Linux 9.1 or SUSE Linux\r\n Desktop 1, we again wish to remind you that the Real player on these\r\n products cannot be updated and recommend to deinstall it.\r\n\r\n2) Solution or Work-Around\r\n\r\n There is no known workaround, please install the update packages.\r\n\r\n3) Special Instructions and Notes\r\n\r\n None.\r\n\r\n4) Package Location and Checksums\r\n\r\n The preferred method for installing security updates is to use the YaST\r\n Online Update (YOU) tool. YOU detects which updates are required and\r\n automatically performs the necessary steps to verify and install them.\r\n Alternatively, download the update packages for your distribution manually\r\n and verify their integrity by the methods listed in Section 6 of this\r\n announcement. Then install the packages using the command\r\n\r\n rpm -Fhv <file.rpm>\r\n\r\n to apply the update, replacing <file.rpm> with the filename of the\r\n downloaded RPM package.\r\n\r\n\r\n x86 Platform:\r\n\r\n SUSE LINUX 10.0:\r\n ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/RealPlayer-10.0.7-0.1.i586.rpm\r\n eaf09598db97183bdb25478dc5266edf\r\n\r\n SUSE LINUX 9.3:\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/RealPlayer-10.0.7-0.1.i586.rpm\r\n 427de6f3af871dca3d9c6c4f42d14793\r\n\r\n SUSE LINUX 9.2:\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/RealPlayer-10.0.7-0.1.i586.rpm\r\n e84dd17634bcb046ade69fcdc8d67468\r\n\r\n Sources:\r\n\r\n SUSE LINUX 10.0:\r\n ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/RealPlayer-10.0.7-0.1.nosrc.rpm\r\n d686f982312d06ff76ad786c29c94f5a\r\n\r\n SUSE LINUX 9.3:\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/RealPlayer-10.0.7-0.1.src.rpm\r\n 5355bf3f17801d07f9a004711622dc8e\r\n\r\n SUSE LINUX 9.2:\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/RealPlayer-10.0.7-0.1.src.rpm\r\n 0a7e783c563c24107b04b7f7f4e0b697\r\n\r\n Our maintenance customers are notified individually. The packages are\r\n offered for installation from the maintenance web:\r\n\r\n http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/3ad7b20395a03f666b8f4ffe14e9276d.html\r\n\r\n______________________________________________________________________________\r\n\r\n5) Pending Vulnerabilities, Solutions, and Work-Arounds:\r\n\r\n See SUSE Security Summary Report.\r\n______________________________________________________________________________\r\n\r\n6) Authenticity Verification and Additional Information\r\n\r\n - Announcement authenticity verification:\r\n\r\n SUSE security announcements are published via mailing lists and on Web\r\n sites. The authenticity and integrity of a SUSE security announcement is\r\n guaranteed by a cryptographic signature in each announcement. All SUSE\r\n security announcements are published with a valid signature.\r\n\r\n To verify the signature of the announcement, save it as text into a file\r\n and run the command\r\n\r\n gpg --verify <file>\r\n\r\n replacing <file> with the name of the file where you saved the\r\n announcement. The output for a valid signature looks like:\r\n\r\n gpg: Signature made <DATE> using RSA key ID 3D25D3D9\r\n gpg: Good signature from "SuSE Security Team <security@suse.de>"\r\n\r\n where <DATE> is replaced by the date the document was signed.\r\n\r\n If the security team's key is not contained in your key ring, you can\r\n import it from the first installation CD. To import the key, use the\r\n command\r\n\r\n gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc\r\n\r\n - Package authenticity verification:\r\n\r\n SUSE update packages are available on many mirror FTP servers all over the\r\n world. While this service is considered valuable and important to the free\r\n and open source software community, the authenticity and the integrity of\r\n a package needs to be verified to ensure that it has not been tampered\r\n with.\r\n\r\n There are two verification methods that can be used independently from\r\n each other to prove the authenticity of a downloaded file or RPM package:\r\n\r\n 1) Using the internal gpg signatures of the rpm package\r\n 2) MD5 checksums as provided in this announcement\r\n\r\n 1) The internal rpm package signatures provide an easy way to verify the\r\n authenticity of an RPM package. Use the command\r\n\r\n rpm -v --checksig <file.rpm>\r\n\r\n to verify the signature of the package, replacing <file.rpm> with the\r\n filename of the RPM package downloaded. The package is unmodified if it\r\n contains a valid signature from build@suse.de with the key ID 9C800ACA.\r\n\r\n This key is automatically imported into the RPM database (on\r\n RPMv4-based distributions) and the gpg key ring of 'root' during\r\n installation. You can also find it on the first installation CD and at\r\n the end of this announcement.\r\n\r\n 2) If you need an alternative means of verification, use the md5sum\r\n command to verify the authenticity of the packages. Execute the command\r\n\r\n md5sum <filename.rpm>\r\n\r\n after you downloaded the file from a SUSE FTP server or its mirrors.\r\n Then compare the resulting md5sum with the one that is listed in the\r\n SUSE security announcement. Because the announcement containing the\r\n checksums is cryptographically signed (by security@suse.de), the\r\n checksums show proof of the authenticity of the package if the\r\n signature of the announcement is valid. Note that the md5 sums\r\n published in the SUSE Security Announcements are valid for the\r\n respective packages only. Newer versions of these packages cannot be\r\n verified.\r\n\r\n - SUSE runs two security mailing lists to which any interested party may\r\n subscribe:\r\n\r\n suse-security@suse.com\r\n - General Linux and SUSE security discussion.\r\n All SUSE security announcements are sent to this list.\r\n To subscribe, send an e-mail to\r\n <suse-security-subscribe@suse.com>.\r\n\r\n suse-security-announce@suse.com\r\n - SUSE's announce-only mailing list.\r\n Only SUSE's security announcements are sent to this list.\r\n To subscribe, send an e-mail to\r\n <suse-security-announce-subscribe@suse.com>.\r\n\r\n For general information or the frequently asked questions (FAQ),\r\n send mail to <suse-security-info@suse.com> or\r\n <suse-security-faq@suse.com>.\r\n\r\n =====================================================================\r\n SUSE's security contact is <security@suse.com> or <security@suse.de>.\r\n The <security@suse.de> public key is listed below.\r\n =====================================================================\r\n______________________________________________________________________________\r\n\r\n The information in this advisory may be distributed or reproduced,\r\n provided that the advisory is not modified in any way. In particular, the\r\n clear text signature should show proof of the authenticity of the text.\r\n\r\n SUSE Linux Products GmbH provides no warranties of any kind whatsoever\r\n with respect to the information contained in this security advisory.\r\n\r\nType Bits/KeyID Date User ID\r\npub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>\r\npub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>\r\n\r\n- -----BEGIN PGP PUBLIC KEY BLOCK-----\r\nVersion: GnuPG v1.4.2 (GNU/Linux)\r\n\r\nmQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA\r\nBqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz\r\nJR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh\r\n1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U\r\nP7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+\r\ncZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg\r\nVGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b\r\nyHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7\r\ntQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ\r\nxG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63\r\nOm8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo\r\nchoXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI\r\nBkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u\r\nv/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+\r\nx9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0\r\nIx30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq\r\nMkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2\r\nsaqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o\r\nL0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU\r\nF7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS\r\nFQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW\r\ntp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It\r\nKlj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF\r\nAjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+\r\n3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk\r\nYS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP\r\n+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR\r\n8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U\r\n8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S\r\ncZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh\r\nELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB\r\nUVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo\r\nAqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n\r\nKFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi\r\nBBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro\r\nnIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg\r\nKL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx\r\nyoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn\r\nB/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV\r\nwM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh\r\nUzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF\r\n5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3\r\nD3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu\r\nzgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd\r\n9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi\r\na5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13\r\nCNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp\r\n271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE\r\nt5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG\r\nB/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw\r\nrbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt\r\nIJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL\r\nrWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H\r\nRKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa\r\ng8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA\r\nCspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO\r\n=ypVs\r\n- -----END PGP PUBLIC KEY BLOCK-----\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.2 (GNU/Linux)\r\n\r\niQEVAwUBRCKOiXey5gA9JdPZAQIpHwf9GLM/WqEyyhEtMDDXZMsQHtH3boux7jt1\r\nu/n6ZnDT7IbEWqMha7KZkI63V1tmPf3jJlJIG/6TcyqZJDg3qdesMVCYgS0KaO3Z\r\nyV/mMKWQBXRpU0AXpGH6uwVMPGxjRD4eC4spWSWLIw6YATWinLnN9AICilBbqgbQ\r\nD/jx6Ga6G8h+BrkH4ZcEzrLu0LtG+4m2PAv5+TNlFLWrlA90Amy8WNwSqCJtMucq\r\nDOC+Xj158Pd8GI5plL2fP85tvf9lOTl2PCmyFTwrK4Us4t2mjTqtSOvN34++oZ83\r\n4CTXKlrOhElpSp6NyZe56i6U22Sw/EhTw3JqlUadW7Ls91mmpqtn2A==\r\n=Lmof\r\n-----END PGP SIGNATURE-----\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\r\nHosted and sponsored by Secunia - http://secunia.com/", "cvss3": {}, "published": "2006-03-23T00:00:00", "type": "securityvulns", "title": "[Full-disclosure] SUSE Security Announcement: RealPlayer security problems (SUSE-SA:2006:018)", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2005-2922", "CVE-2006-0323"], "modified": "2006-03-23T00:00:00", "id": "SECURITYVULNS:DOC:11910", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:11910", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "saint": [{"lastseen": "2021-07-28T14:33:28", "description": "Added: 03/31/2006 \nCVE: [CVE-2005-2922](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2922>) \nBID: [17202](<http://www.securityfocus.com/bid/17202>) \nOSVDB: [24062](<http://www.osvdb.org/24062>) \n\n\n### Background\n\nRealPlayer, RealOne Player, and Helix Player include an embedded player which plays media embedded in a web page. \n\n### Problem\n\nA chunked HTTP response containing an invalid or missing chunk header results in a heap overflow, leading to command execution. \n\n### Resolution\n\nUse the _Check for Update_ feature to upgrade to the latest version of RealPlayer, RealOne Player, or Helix Player. \n\n### References\n\n<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404> \n\n\n### Limitations\n\nExploit works on RealPlayer 10.5 (6.0.12.1348). In order for the exploit to run, a user must load the exploit page in Internet Explorer. \n\n### Platforms\n\nWindows 2000 \nWindows XP \n \n\n", "cvss3": {}, "published": "2006-03-31T00:00:00", "type": "saint", "title": "RealPlayer invalid chunk header heap overflow", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2922"], "modified": "2006-03-31T00:00:00", "id": "SAINT:74F1BEDE6E32D2B82819435F2160B116", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/realplayer_chunk_header", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-20T18:50:11", "description": "Added: 03/31/2006 \nCVE: [CVE-2005-2922](<https://vulners.com/cve/CVE-2005-2922>) \nBID: [17202](<http://www.securityfocus.com/bid/17202>) \nOSVDB: [24062](<http://www.osvdb.org/24062>) \n\n\n### Background\n\nRealPlayer, RealOne Player, and Helix Player include an embedded player which plays media embedded in a web page. \n\n### Problem\n\nA chunked HTTP response containing an invalid or missing chunk header results in a heap overflow, leading to command execution. \n\n### Resolution\n\nUse the _Check for Update_ feature to upgrade to the latest version of RealPlayer, RealOne Player, or Helix Player. \n\n### References\n\n<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404> \n\n\n### Limitations\n\nExploit works on RealPlayer 10.5 (6.0.12.1348). In order for the exploit to run, a user must load the exploit page in Internet Explorer. \n\n### Platforms\n\nWindows 2000 \nWindows XP \n \n\n", "cvss3": {}, "published": "2006-03-31T00:00:00", "type": "saint", "title": "RealPlayer invalid chunk header heap overflow", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2922"], "modified": "2006-03-31T00:00:00", "id": "SAINT:32AF98CF80A27AB194B608D45186A636", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/realplayer_chunk_header", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T16:46:34", "description": "Added: 03/31/2006 \nCVE: [CVE-2005-2922](<https://vulners.com/cve/CVE-2005-2922>) \nBID: [17202](<http://www.securityfocus.com/bid/17202>) \nOSVDB: [24062](<http://www.osvdb.org/24062>) \n\n\n### Background\n\nRealPlayer, RealOne Player, and Helix Player include an embedded player which plays media embedded in a web page. \n\n### Problem\n\nA chunked HTTP response containing an invalid or missing chunk header results in a heap overflow, leading to command execution. \n\n### Resolution\n\nUse the _Check for Update_ feature to upgrade to the latest version of RealPlayer, RealOne Player, or Helix Player. \n\n### References\n\n<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404> \n\n\n### Limitations\n\nExploit works on RealPlayer 10.5 (6.0.12.1348). In order for the exploit to run, a user must load the exploit page in Internet Explorer. \n\n### Platforms\n\nWindows 2000 \nWindows XP \n \n\n", "cvss3": {}, "published": "2006-03-31T00:00:00", "type": "saint", "title": "RealPlayer invalid chunk header heap overflow", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2922"], "modified": "2006-03-31T00:00:00", "id": "SAINT:7A58BDE9BDCCED73750F291E450DEC53", "href": "https://download.saintcorporation.com/cgi-bin/exploit_info/realplayer_chunk_header", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2016-10-03T15:01:59", "description": "Added: 03/31/2006 \nCVE: [CVE-2005-2922](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2922>) \nBID: [17202](<http://www.securityfocus.com/bid/17202>) \nOSVDB: [24062](<http://www.osvdb.org/24062>) \n\n\n### Background\n\nRealPlayer, RealOne Player, and Helix Player include an embedded player which plays media embedded in a web page. \n\n### Problem\n\nA chunked HTTP response containing an invalid or missing chunk header results in a heap overflow, leading to command execution. \n\n### Resolution\n\nUse the _Check for Update_ feature to upgrade to the latest version of RealPlayer, RealOne Player, or Helix Player. \n\n### References\n\n<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404> \n\n\n### Limitations\n\nExploit works on RealPlayer 10.5 (6.0.12.1348). In order for the exploit to run, a user must load the exploit page in Internet Explorer. \n\n### Platforms\n\nWindows 2000 \nWindows XP \n \n\n", "cvss3": {}, "published": "2006-03-31T00:00:00", "type": "saint", "title": "RealPlayer invalid chunk header heap overflow", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2005-2922"], "modified": "2006-03-31T00:00:00", "id": "SAINT:CB07D6C943AA2B34E7B85CB005E75063", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/realplayer_chunk_header", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2023-11-28T15:03:39", "description": "iDefense Reports :\n\nRemote exploitation of a heap-based buffer overflow in RealNetwork Inc's RealPlayer could allow the execution of arbitrary code in the context of the currently logged in user.\n\nIn order to exploit this vulnerability, an attacker would need to entice a user to follow a link to a malicious server. Once the user visits a website under the control of an attacker, it is possible in a default install of RealPlayer to force a web-browser to use RealPlayer to connect to an arbitrary server, even when it is not the default application for handling those types, by the use of embedded object tags in a webpage. This may allow automated exploitation when the page is viewed.", "cvss3": {}, "published": "2006-05-13T00:00:00", "type": "nessus", "title": "FreeBSD : linux-realplayer -- heap overflow (fe4c84fc-bdb5-11da-b7d4-00123ffe8333)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2922"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-realplayer", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_FE4C84FCBDB511DAB7D400123FFE8333.NASL", "href": "https://www.tenable.com/plugins/nessus/21544", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21544);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-2922\");\n script_xref(name:\"Secunia\", value:\"19358\");\n\n script_name(english:\"FreeBSD : linux-realplayer -- heap overflow (fe4c84fc-bdb5-11da-b7d4-00123ffe8333)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"iDefense Reports :\n\nRemote exploitation of a heap-based buffer overflow in RealNetwork\nInc's RealPlayer could allow the execution of arbitrary code in the\ncontext of the currently logged in user.\n\nIn order to exploit this vulnerability, an attacker would need to\nentice a user to follow a link to a malicious server. Once the user\nvisits a website under the control of an attacker, it is possible in a\ndefault install of RealPlayer to force a web-browser to use RealPlayer\nto connect to an arbitrary server, even when it is not the default\napplication for handling those types, by the use of embedded object\ntags in a webpage. This may allow automated exploitation when the page\nis viewed.\"\n );\n # http://service.real.com/realplayer/security/03162006_player/en/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.real.com/\"\n );\n # http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c3617439\"\n );\n # https://vuxml.freebsd.org/freebsd/fe4c84fc-bdb5-11da-b7d4-00123ffe8333.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?963d2fe4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-realplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/03/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-realplayer>=10.0.1<10.0.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:02:37", "description": "The remote host is missing the patch for the advisory SUSE-SA:2006:018 (RealPlayer).\n\n\nThis update fixes the following security problems in Realplayer:\n\n- Specially crafted SWF files could cause a buffer overflow and crash RealPlayer (CVE-2006-0323).\n\n- Specially crafted web sites could cause heap overflow and lead to executing arbitrary code (CVE-2005-2922). This was already fixed with the previously released 1.0.6 version, but not announced on request of Real.\n\nThe advisory for these problems is on this page at Real:\nhttp://service.real.com/realplayer/security/03162006_player/en/\n\nSUSE Linux 9.2 up to 10.0 and Novell Linux Desktop 9 are affected by this problem and receive fixed packages.\n\nIf you are still using Realplayer on SUSE Linux 9.1 or SUSE Linux Desktop 1, we again wish to remind you that the Real player on these products cannot be updated and recommend to deinstall it.", "cvss3": {}, "published": "2006-03-27T00:00:00", "type": "nessus", "title": "SUSE-SA:2006:018: RealPlayer", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2922", "CVE-2006-0323"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "SUSE_SA_2006_018.NASL", "href": "https://www.tenable.com/plugins/nessus/21150", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2006:018\n#\n\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(21150);\n script_version(\"1.9\");\n \n name[\"english\"] = \"SUSE-SA:2006:018: RealPlayer\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2006:018 (RealPlayer).\n\n\nThis update fixes the following security problems in Realplayer:\n\n- Specially crafted SWF files could cause a buffer overflow and\ncrash RealPlayer (CVE-2006-0323).\n\n- Specially crafted web sites could cause heap overflow and lead to\nexecuting arbitrary code (CVE-2005-2922). This was already fixed\nwith the previously released 1.0.6 version, but not announced on\nrequest of Real.\n\nThe advisory for these problems is on this page at Real:\nhttp://service.real.com/realplayer/security/03162006_player/en/\n\nSUSE Linux 9.2 up to 10.0 and Novell Linux Desktop 9 are affected by\nthis problem and receive fixed packages.\n\nIf you are still using Realplayer on SUSE Linux 9.1 or SUSE Linux\nDesktop 1, we again wish to remind you that the Real player on these\nproducts cannot be updated and recommend to deinstall it.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.suse.de/security/advisories/2006_18_realplayer.html\" );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\" );\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/03/27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the RealPlayer package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"RealPlayer-10.0.7-0.1\", release:\"SUSE10.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"RealPlayer-10.0.7-0.1\", release:\"SUSE9.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"RealPlayer-10.0.7-0.1\", release:\"SUSE9.3\") )\n{\n security_hole(0);\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:54:57", "description": "An updated HelixPlayer package that fixes a string format issue is now available.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nHelixPlayer is a media player.\n\nA format string bug was discovered in the way HelixPlayer processes RealPix (.rp) files. It is possible for a malformed RealPix file to execute arbitrary code as the user running HelixPlayer. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2710 to this issue.\n\nAll users of HelixPlayer are advised to upgrade to this updated package, which contains HelixPlayer version 10.0.6 and is not vulnerable to this issue.", "cvss3": {}, "published": "2005-10-05T00:00:00", "type": "nessus", "title": "RHEL 4 : HelixPlayer (RHSA-2005:788)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2629", "CVE-2005-2710", "CVE-2005-2922"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:helixplayer", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2005-788.NASL", "href": "https://www.tenable.com/plugins/nessus/19836", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:788. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19836);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-2629\", \"CVE-2005-2710\", \"CVE-2005-2922\");\n script_xref(name:\"RHSA\", value:\"2005:788\");\n\n script_name(english:\"RHEL 4 : HelixPlayer (RHSA-2005:788)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated HelixPlayer package that fixes a string format issue is now\navailable.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nHelixPlayer is a media player.\n\nA format string bug was discovered in the way HelixPlayer processes\nRealPix (.rp) files. It is possible for a malformed RealPix file to\nexecute arbitrary code as the user running HelixPlayer. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-2710 to this issue.\n\nAll users of HelixPlayer are advised to upgrade to this updated\npackage, which contains HelixPlayer version 10.0.6 and is not\nvulnerable to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:788\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected HelixPlayer package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:HelixPlayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:788\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"HelixPlayer-1.0.6-0.EL4.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"HelixPlayer\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-23T15:25:51", "description": "An updated HelixPlayer package that fixes a string format issue is now available.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nHelixPlayer is a media player.\n\nA format string bug was discovered in the way HelixPlayer processes RealPix (.rp) files. It is possible for a malformed RealPix file to execute arbitrary code as the user running HelixPlayer. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2710 to this issue.\n\nAll users of HelixPlayer are advised to upgrade to this updated package, which contains HelixPlayer version 10.0.6 and is not vulnerable to this issue.", "cvss3": {}, "published": "2007-01-08T00:00:00", "type": "nessus", "title": "CentOS 4 : Helix / Player (CESA-2005:788)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2629", "CVE-2005-2710", "CVE-2005-2922"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:helixplayer", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2005-788.NASL", "href": "https://www.tenable.com/plugins/nessus/23983", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:788 and \n# CentOS Errata and Security Advisory 2005:788 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23983);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-2629\", \"CVE-2005-2710\", \"CVE-2005-2922\");\n script_xref(name:\"RHSA\", value:\"2005:788\");\n\n script_name(english:\"CentOS 4 : Helix / Player (CESA-2005:788)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated HelixPlayer package that fixes a string format issue is now\navailable.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nHelixPlayer is a media player.\n\nA format string bug was discovered in the way HelixPlayer processes\nRealPix (.rp) files. It is possible for a malformed RealPix file to\nexecute arbitrary code as the user running HelixPlayer. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-2710 to this issue.\n\nAll users of HelixPlayer are advised to upgrade to this updated\npackage, which contains HelixPlayer version 10.0.6 and is not\nvulnerable to this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-September/012207.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d258f2dc\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-September/012208.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f7cf68a6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected helix and / or player packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:HelixPlayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"HelixPlayer-1.0.6-0.EL4.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"HelixPlayer-1.0.6-0.EL4.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"HelixPlayer\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:02:37", "description": "According to its build number, the installed version of RealPlayer / RealOne Player / RealPlayer Enterprise on the remote Windows host suffers from one or more buffer overflows involving maliciously- crafted SWF and MBC files as well as web pages. In addition, it also may be affected by a local privilege escalation issue.", "cvss3": {}, "published": "2006-03-24T00:00:00", "type": "nessus", "title": "RealPlayer for Windows < Build 6.0.12.1483 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2922", "CVE-2005-2936", "CVE-2006-0323", "CVE-2006-1370"], "modified": "2018-07-25T00:00:00", "cpe": ["cpe:/a:realnetworks:realplayer"], "id": "REALPLAYER_6_0_12_1483.NASL", "href": "https://www.tenable.com/plugins/nessus/21140", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21140);\n script_version(\"1.19\");\n\n script_cve_id(\"CVE-2005-2922\", \"CVE-2005-2936\", \"CVE-2006-0323\", \"CVE-2006-1370\");\n script_bugtraq_id(15448, 17202);\n\n script_name(english:\"RealPlayer for Windows < Build 6.0.12.1483 Multiple Vulnerabilities\");\n script_summary(english:\"Checks RealPlayer build number\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows application is affected by several issues.\" );\n script_set_attribute(attribute:\"description\", value:\n\"According to its build number, the installed version of RealPlayer /\nRealOne Player / RealPlayer Enterprise on the remote Windows host\nsuffers from one or more buffer overflows involving maliciously-\ncrafted SWF and MBC files as well as web pages. In addition, it also\nmay be affected by a local privilege escalation issue.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1d16d359\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c0b66183\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://service.real.com/realplayer/security/03162006_player/en/\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade according to the vendor advisory referenced above.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/03/24\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/11/15\");\n script_cvs_date(\"Date: 2018/07/25 18:58:06\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2006/03/16\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:realnetworks:realplayer\");\nscript_end_attributes();\n\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"realplayer_detect.nasl\");\n script_require_keys(\"SMB/RealPlayer/Product\", \"SMB/RealPlayer/Build\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\n\n\n# nb: RealOne Player and RealPlayer Enterprise are also affected,\n# but we don't currently know which specific build numbers\n# address the issues.\nprod = get_kb_item(\"SMB/RealPlayer/Product\");\nif (!prod || prod != \"RealPlayer\") exit(0);\n\n\n# Check build.\nbuild = get_kb_item(\"SMB/RealPlayer/Build\");\nif (!build) exit(0);\n\n# There's a problem if the build is before 6.0.12.1483.\nver = split(build, sep:'.', keep:FALSE);\nif (\n int(ver[0]) < 6 ||\n (\n int(ver[0]) == 6 &&\n int(ver[1]) == 0 && \n (\n int(ver[2]) < 12 ||\n (int(ver[2]) == 12 && int(ver[3]) < 1483)\n )\n )\n)\n{\n if (report_verbosity)\n {\n report = string(\n \"\\n\",\n prod, \" build \", build, \" is installed on the remote host.\\n\"\n );\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:58:02", "description": "An updated RealPlayer package that fixes a format string bug is now available.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nRealPlayer is a media player that provides media playback locally and via streaming.\n\nA format string bug was discovered in the way RealPlayer processes RealPix (.rp) files. It is possible for a malformed RealPix file to execute arbitrary code as the user running RealPlayer. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2710 to this issue.\n\nAll users of RealPlayer are advised to upgrade to this updated package, which contains RealPlayer version 10.0.6 and is not vulnerable to this issue.", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 3 / 4 : RealPlayer (RHSA-2005:762)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2629", "CVE-2005-2710", "CVE-2005-2922", "CVE-2005-2969"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:realplayer", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2005-762.NASL", "href": "https://www.tenable.com/plugins/nessus/63829", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:762. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63829);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-2629\", \"CVE-2005-2710\", \"CVE-2005-2922\", \"CVE-2005-2969\");\n script_xref(name:\"RHSA\", value:\"2005:762\");\n\n script_name(english:\"RHEL 3 / 4 : RealPlayer (RHSA-2005:762)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated RealPlayer package that fixes a format string bug is now\navailable.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nRealPlayer is a media player that provides media playback locally and\nvia streaming.\n\nA format string bug was discovered in the way RealPlayer processes\nRealPix (.rp) files. It is possible for a malformed RealPix file to\nexecute arbitrary code as the user running RealPlayer. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-2710 to this issue.\n\nAll users of RealPlayer are advised to upgrade to this updated\npackage, which contains RealPlayer version 10.0.6 and is not\nvulnerable to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2005-2629.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2005-2710.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2005-2922.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2005-762.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected RealPlayer and / or realplayer packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:RealPlayer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:realplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"realplayer-10.0.6-0.rhel3.2\")) flag++;\n\nif (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"RealPlayer-10.0.6-2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "cert": [{"lastseen": "2023-11-28T15:28:07", "description": "### Overview\n\nNumerous RealNetworks products do not properly handle chunked data. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system.\n\n### Description\n\n**RealNetworks RealPlayer**\n\nRealNetworks [RealPlayer](<http://www.real.com/>) is a multimedia application that allows users to view local and remote audio/video content. \n \n**Chunked Encoding** \n \nChunked encoding is a means to transfer variable-sized units of data (called chunks) from a web client to a web server. \n \n**The Problem** \n \nNumerous RealNetworks products fail to properly handle file chunks allowing a buffer overflow to occur. By persuading a user to access a RealPlayer file hosted on a malicious server, a remote attacker may be able to execute arbitrary code. \n \n**Considerations** \n \nA complete list of affected software is available in the [RealNetwork Security Update](<http://service.real.com/realplayer/security/03162006_player/en/>) for March 2006. \n \n--- \n \n### Impact\n\nBy convincing a user to open RealPlayer file hosted on a malicious server, a remote unauthenticated attacker can execute arbitrary code. \n \n--- \n \n### Solution\n\n**Patch RealPlayer**\n\nApply the patches supplied in the [RealNetwork Security Update](<http://service.real.com/realplayer/security/03162006_player/en/>) for March 2006. \n \n--- \n \n**Disable RealPlayer in your web browser**\n\n \nAn attacker may be able to exploit this vulnerability by persuading a user to access a RealPlayer file with a web browser. Disabling RealPlayer in the web browser will eliminate this attack vector thereby reducing the chances of exploitation. \n \nTo disable RealPlayer in Microsoft Internet Explorer, disable the RealPlayer ActiveX control. In other web browsers, such as Mozilla Firefox, disable the RealPlayer plugin. \n \n--- \n \n### Vendor Information\n\n172489\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### RealNetworks, Inc. __ Affected\n\nUpdated: April 05, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee <http://service.real.com/realplayer/security/03162006_player/en/>. \n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23172489 Feedback>).\n\n### Red Hat, Inc. __ Affected\n\nUpdated: May 17, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThis issue affected HelixPlayer in Red Hat Enterprise Linux 4, and RealPlayer in Red Hat Enterprise Linux Extras 3 and 4. Updated packages are available along with our advisories at the URL below and by using the Red Hat Network 'up2date' tool.\n\n<https://rhn.redhat.com/cve/CVE-2005-2922.html>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n \n\n\n### CVSS Metrics\n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References\n\n * <http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404>\n * <http://securitytracker.com/id?1015808>\n * <http://www.service.real.com/realplayer/security/03162006_player/en/>\n * <http://secunia.com/advisories/19358/>\n * <http://secunia.com/advisories/19365/>\n\n### Acknowledgements\n\nThis vulnerability was reported by iDEFENSE Labs.\n\nThis document was written by Jeff Gennari.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2005-2922](<http://web.nvd.nist.gov/vuln/detail/CVE-2005-2922>) \n---|--- \n**Severity Metric:** | 20.20 \n**Date Public:** | 2006-03-23 \n**Date First Published:** | 2006-04-05 \n**Date Last Updated: ** | 2006-05-17 12:45 UTC \n**Document Revision: ** | 33 \n", "cvss3": {}, "published": "2006-04-05T00:00:00", "type": "cert", "title": "RealNetworks products fail to properly handle chunked data", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2922"], "modified": "2006-05-17T12:45:00", "id": "VU:172489", "href": "https://www.kb.cert.org/vuls/id/172489", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-02T21:10:19", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: linux-realplayer", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2922"], "modified": "2016-09-22T00:00:00", "id": "OPENVAS:56447", "href": "http://plugins.openvas.org/nasl.php?oid=56447", "sourceData": "#\n#VID fe4c84fc-bdb5-11da-b7d4-00123ffe8333\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: linux-realplayer\n\nCVE-2005-2922\nHeap-based buffer overflow in the embedded player in multiple\nRealNetworks products and versions including RealPlayer 10.x, RealOne\nPlayer, and Helix Player allows remote malicious servers to cause a\ndenial of service (crash) and possibly execute arbitrary code via a\nchunked Transfer-Encoding HTTP response in which either (1) the chunk\nheader length is specified as -1, (2) the chunk header with a length\nthat is less than the actual amount of sent data, or (3) a missing\nchunk header.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://service.real.com/realplayer/security/03162006_player/en/\nhttp://www.idefense.com/intelligence/vulnerabilities/display.php?id=404\nhttp://secunia.com/advisories/19358/\nhttp://www.vuxml.org/freebsd/fe4c84fc-bdb5-11da-b7d4-00123ffe8333.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(56447);\n script_version(\"$Revision: 4128 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-22 07:37:51 +0200 (Thu, 22 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_bugtraq_id(17202);\n script_cve_id(\"CVE-2005-2922\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: linux-realplayer\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"linux-realplayer\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.0.1\")>=0 && revcomp(a:bver, b:\"10.0.6\")<0) {\n txt += 'Package linux-realplayer version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2023-11-28T14:43:25", "description": "Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header.", "cvss3": {}, "published": "2005-12-31T05:00:00", "type": "cve", "title": "CVE-2005-2922", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2922"], "modified": "2017-10-11T01:30:00", "cpe": ["cpe:/a:realnetworks:realplayer:10.0.5", "cpe:/a:realnetworks:helix_player:10.0.1", "cpe:/a:realnetworks:realone_player:1.0", "cpe:/a:realnetworks:realplayer:8.0", "cpe:/a:realnetworks:realone_player:0.297", "cpe:/a:realnetworks:realplayer:10.0", "cpe:/a:realnetworks:realone_player:2.0", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1053", "cpe:/a:realnetworks:helix_player:10.0.2", "cpe:/a:realnetworks:realone_player:*", "cpe:/a:realnetworks:realplayer:10.0.3", "cpe:/a:realnetworks:realplayer:10.5", "cpe:/a:realnetworks:helix_player:10.0.3", "cpe:/a:realnetworks:helix_player:10.0.4", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1059", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1056", "cpe:/a:realnetworks:realplayer:10.0.2", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1040", "cpe:/a:realnetworks:rhapsody:3.0", "cpe:/a:realnetworks:helix_player:10.0.6", "cpe:/a:realnetworks:realplayer:10.0.0.305", "cpe:/a:realnetworks:helix_player:10.0.5", "cpe:/a:realnetworks:realplayer:10.0.4", "cpe:/a:realnetworks:realplayer:10.0.0.331", "cpe:/a:realnetworks:helix_player:10.0", "cpe:/a:realnetworks:rhapsody:3.0_build_0.815", "cpe:/a:realnetworks:realplayer:10.0.6", "cpe:/a:realnetworks:realplayer:10.0.1", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1069", "cpe:/a:realnetworks:realone_player:0.288", "cpe:/a:realnetworks:realplayer:*", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1235"], "id": "CVE-2005-2922", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2922", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:realnetworks:helix_player:10.0.2:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0.5:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0.0.305:*:mac_os:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0.6:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1056:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:10.0.6:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1053:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0.0.331:*:mac_os:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0.3:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:10.0.1:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:10.0.4:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:*:*:enterprise:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:10.0.3:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:rhapsody:3.0_build_0.815:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0.4:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1235:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0.1:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:10.0.5:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0.2:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realone_player:0.288:*:mac_os_x:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1059:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:10.0:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:rhapsody:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realone_player:0.297:*:mac_os_x:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:8.0:*:win32:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1069:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realone_player:*:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*"]}], "suse": [{"lastseen": "2021-06-08T18:40:21", "description": "This update fixes the following security problems in Realplayer:\n#### Solution\nThere is no known workaround, please install the update packages.", "cvss3": {}, "published": "2006-03-23T12:04:47", "type": "suse", "title": "remote code execution in RealPlayer", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2005-2922", "CVE-2006-0323"], "modified": "2006-03-23T12:04:47", "id": "SUSE-SA:2006:018", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-03/msg00016.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2021-10-21T04:43:59", "description": "HelixPlayer is a media player.\r\n\r\nA format string bug was discovered in the way HelixPlayer processes RealPix\r\n(.rp) files. It is possible for a malformed RealPix file to execute\r\narbitrary code as the user running HelixPlayer. The Common Vulnerabilities\r\nand Exposures project (cve.mitre.org) has assigned the name CAN-2005-2710\r\nto this issue.\r\n\r\nAll users of HelixPlayer are advised to upgrade to this updated package,\r\nwhich contains HelixPlayer version 10.0.6 and is not vulnerable to this issue.", "cvss3": {}, "published": "2005-09-27T00:00:00", "type": "redhat", "title": "(RHSA-2005:788) HelixPlayer security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2629", "CVE-2005-2710", "CVE-2005-2922"], "modified": "2017-09-08T08:16:41", "id": "RHSA-2005:788", "href": "https://access.redhat.com/errata/RHSA-2005:788", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T04:43:00", "description": "RealPlayer is a media player that provides media playback locally and\r\nvia streaming.\r\n\r\nA format string bug was discovered in the way RealPlayer processes RealPix\r\n(.rp) files. It is possible for a malformed RealPix file to execute\r\narbitrary code as the user running RealPlayer. The Common Vulnerabilities\r\nand Exposures project (cve.mitre.org) has assigned the name CAN-2005-2710\r\nto this issue.\r\n\r\nAll users of RealPlayer are advised to upgrade to this updated package,\r\nwhich contains RealPlayer version 10.0.6 and is not vulnerable to this issue.", "cvss3": {}, "published": "2005-09-27T00:00:00", "type": "redhat", "title": "(RHSA-2005:762) RealPlayer security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2629", "CVE-2005-2710", "CVE-2005-2922"], "modified": "2018-05-26T00:26:19", "id": "RHSA-2005:762", "href": "https://access.redhat.com/errata/RHSA-2005:762", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2023-11-28T17:36:35", "description": "**CentOS Errata and Security Advisory** CESA-2005:788\n\n\nHelixPlayer is a media player.\r\n\r\nA format string bug was discovered in the way HelixPlayer processes RealPix\r\n(.rp) files. It is possible for a malformed RealPix file to execute\r\narbitrary code as the user running HelixPlayer. The Common Vulnerabilities\r\nand Exposures project (cve.mitre.org) has assigned the name CAN-2005-2710\r\nto this issue.\r\n\r\nAll users of HelixPlayer are advised to upgrade to this updated package,\r\nwhich contains HelixPlayer version 10.0.6 and is not vulnerable to this issue.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2005-September/074369.html\nhttps://lists.centos.org/pipermail/centos-announce/2005-September/074370.html\n\n**Affected packages:**\nHelixPlayer\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2005:788", "cvss3": {}, "published": "2005-09-27T22:04:42", "type": "centos", "title": "HelixPlayer security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2629", "CVE-2005-2710", "CVE-2005-2922"], "modified": "2005-09-27T22:05:18", "id": "CESA-2005:788", "href": "https://lists.centos.org/pipermail/centos-announce/2005-September/074369.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
linux-realplayer -- heap overflow
