Lucene search

Kaspersky LabKLA11033

HistoryMay 29, 2017 - 12:00 a.m.

KLA11033 Denial of service vulnerability in RealPlayer

2017-05-2900:00:00

Kaspersky Lab

threats.kaspersky.com

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

45.7%

JSON

A divide-by-zero vulnerability was found in the RealPlayer. By exploiting this vulnerability malicious users can cause denial of service. This vulnerability can be exploited remotely via specially designed MP4 file.

Original advisories

Divided RealPlayer 16.0.2.32

RealPlayer Homepage

Related products

RealPlayer

CVE list

CVE-2017-9302 warning

Solution

Update to latest version

Download RealPlayer

Impacts

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected Products

RealPlayer 16.0.2.32

References

code610.blogspot.ru/2017/05/divided-realplayer-160232.html

www.real.com/

statistics.securelist.com/

threats.kaspersky.com/en/product/RealPlayer/

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

45.7%

JSON

Related for KLA11033