Lucene search
K

Rhapsody vidplin.dll AVI Processing Heap Overflow Vulnerability

🗓️ 24 Jun 2005 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 18 Views

Rhapsody vidplin.dll AVI Processing Heap Overflow Vulnerabilit

Related
Refs
Code
ReporterTitlePublishedViews
Family
Check Point Advisories
RealNetworks RealPlayer AVI Parsing Buffer Overflow (CAN-2005-2052)
4 Sep 200500:00
checkpoint_advisories
CVE
CVE-2005-2052
26 Jun 200504:00
cve
Cvelist
CVE-2005-2052
26 Jun 200504:00
cvelist
EUVD
EUVD-2005-2054
7 Oct 202500:30
euvd
NVD
CVE-2005-2052
28 Jun 200504:00
nvd
Tenable Nessus
RealPlayer / RealOne Player for Windows Multiple Vulnerabilities (2005-06-23)
24 Jun 200500:00
nessus
UbuntuCve
CVE-2005-2052
28 Jun 200504:00
ubuntucve
#
# (C) Tenable Network Security, Inc.
#



include("compat.inc");

if (description) {
  script_id(18560);
  script_version("1.18");

  script_cve_id("CVE-2005-2052");
  script_bugtraq_id(13530);

  name["english"] = "Rhapsody vidplin.dll AVI Processing Heap Overflow Vulnerability";
  script_name(english:name["english"]);
 
 script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a multimedia player that is prone to
a buffer overflow attack." );
 script_set_attribute(attribute:"description", value:
"The remote installation of Rhapsody has a heap overflow in the
'vidplin.dll' file used to process AVI files.  With a specially-
crafted AVI file, an attacker can exploit this flaw to cause arbitrary
code to be run within the context of the affected application when a
user opens the file." );
 script_set_attribute(attribute:"see_also", value:"https://www.beyondtrust.com/resources/blog/research/" );
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2005/Jun/201" );
 script_set_attribute(attribute:"see_also", value:"http://service.real.com/help/faq/security/050623_player/EN/" );
 script_set_attribute(attribute:"solution", value:
"Upgrade according to the vendor advisory referenced above." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_set_attribute(attribute:"plugin_publication_date", value: "2005/06/24");
 script_set_attribute(attribute:"vuln_publication_date", value: "2005/06/23");
 script_cvs_date("Date: 2018/11/15 20:50:28");
 script_set_attribute(attribute:"patch_publication_date", value: "2005/06/23");
script_set_attribute(attribute:"plugin_type", value:"local");
script_end_attributes();

 
  summary["english"] = "Checks for vidplin.dll AVI processing heap overflow vulnerability in Rhapsody";
  script_summary(english:summary["english"]);

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("rhapsody_detect.nasl");
  script_require_keys("SMB/Rhapsody/Version");

  exit(0);
}


ver = get_kb_item("SMB/Rhapsody/Version");
if (ver) {
  # There's a problem if it's version 3 with a build in [0.815, 0.1141).
  iver = split(ver, sep:'.', keep:FALSE);
  if (
    int(iver[0]) == 3 &&
    int(iver[1]) == 0 && 
    int(iver[2]) == 0 &&
    (int(iver[3]) >= 815 && int(iver[3]) < 1141)
  ) security_hole(get_kb_item("SMB/transport"));
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation