Search...

Scientific Linux Security Update : HelixPlayer on SL4.x i386/x86_64

2012-08-01T00:00:00

ID SL_20070627_HELIXPLAYER_ON_SL4_X.NASL
Type nessus
Reporter Tenable
Modified 2015-01-15T00:00:00

Description

A buffer overflow flaw was found in the way HelixPlayer processed Synchronized Multimedia Integration Language (SMIL) files. It was possible for a malformed SMIL file to execute arbitrary code with the permissions of the user running HelixPlayer. (CVE-2007-3410)

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include("compat.inc");

if (description)
{
  script_id(60220);
  script_version("$Revision: 1.4 $");
  script_cvs_date("$Date: 2015/01/15 16:37:17 $");

  script_cve_id("CVE-2007-3410");

  script_name(english:"Scientific Linux Security Update : HelixPlayer on SL4.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Scientific Linux host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A buffer overflow flaw was found in the way HelixPlayer processed
Synchronized Multimedia Integration Language (SMIL) files. It was
possible for a malformed SMIL file to execute arbitrary code with the
permissions of the user running HelixPlayer. (CVE-2007-3410)"
  );
  # http://listserv.fnal.gov/scripts/wa.exe?A2=ind0706&L=scientific-linux-errata&T=0&P=3791
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7975e86f"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected HelixPlayer package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/06/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " &gt;!&lt; release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu &gt;!&lt; "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL4", reference:"HelixPlayer-1.0.6-0.EL4.2.0.2")) flag++;


if (flag)
{
  if (report_verbosity &gt; 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

JSON Vulners Source

Initial Source

{"published": "2012-08-01T00:00:00", "id": "SL_20070627_HELIXPLAYER_ON_SL4_X.NASL", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "history": [{"differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:23:07", "bulletin": {"enchantments": {}, "published": "2012-08-01T00:00:00", "id": "SL_20070627_HELIXPLAYER_ON_SL4_X.NASL", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "history": [], "cpe": [], "hash": "4ed351559b9fd3c7e9fb1727fb472c853cbb9ed5ac707c07d223c2d37581571f", "description": "A buffer overflow flaw was found in the way HelixPlayer processed Synchronized Multimedia Integration Language (SMIL) files. It was possible for a malformed SMIL file to execute arbitrary code with the permissions of the user running HelixPlayer. (CVE-2007-3410)", "type": "nessus", "pluginID": "60220", "lastseen": "2016-09-26T17:23:07", "edition": 1, "title": "Scientific Linux Security Update : HelixPlayer on SL4.x i386/x86_64", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60220", "modified": "2015-01-15T00:00:00", "bulletinFamily": "scanner", "viewCount": 0, "cvelist": ["CVE-2007-3410"], "references": ["http://www.nessus.org/u?7975e86f"], "naslFamily": "Scientific Linux Local Security Checks", "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60220);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/01/15 16:37:17 $\");\n\n script_cve_id(\"CVE-2007-3410\");\n\n script_name(english:\"Scientific Linux Security Update : HelixPlayer on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow flaw was found in the way HelixPlayer processed\nSynchronized Multimedia Integration Language (SMIL) files. It was\npossible for a malformed SMIL file to execute arbitrary code with the\npermissions of the user running HelixPlayer. (CVE-2007-3410)\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind0706&L=scientific-linux-errata&T=0&P=3791\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7975e86f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected HelixPlayer package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"HelixPlayer-1.0.6-0.EL4.2.0.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "hashmap": [{"hash": "8a85424ffa4731b6b720ad81529796fd", "key": "sourceData"}, {"hash": "c459074115a427141f584ccc9fd3d8cc", "key": "href"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "ff9b401529ad052db50e89f363430ebc", "key": "pluginID"}, {"hash": "5a702aacd945b32ecec20a7ee647fb31", "key": "modified"}, {"hash": "b3a4d461a1383c8ba9fa401b58d29827", "key": "naslFamily"}, {"hash": "0701beb1b3fbc3538c67e3a64501b32d", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "afff7b4f79cb0279de5b40b664d6bb49", "key": "cvelist"}, {"hash": "56ae65b1e750f6620542172d23096512", "key": "title"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "published"}, {"hash": "de8e6d6855da599533fc924ac23a0bca", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "objectVersion": "1.2"}}], "description": "A buffer overflow flaw was found in the way HelixPlayer processed Synchronized Multimedia Integration Language (SMIL) files. It was possible for a malformed SMIL file to execute arbitrary code with the permissions of the user running HelixPlayer. (CVE-2007-3410)", "hash": "29769c5329ccd7741b5d4015211494316044cc353f9b9fe2ac1f10852cb14a3f", "enchantments": {"vulnersScore": 7.5}, "type": "nessus", "pluginID": "60220", "lastseen": "2017-10-29T13:33:11", "edition": 2, "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "title": "Scientific Linux Security Update : HelixPlayer on SL4.x i386/x86_64", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60220", "modified": "2015-01-15T00:00:00", "bulletinFamily": "scanner", "viewCount": 0, "cvelist": ["CVE-2007-3410"], "references": ["http://www.nessus.org/u?7975e86f"], "naslFamily": "Scientific Linux Local Security Checks", "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60220);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/01/15 16:37:17 $\");\n\n script_cve_id(\"CVE-2007-3410\");\n\n script_name(english:\"Scientific Linux Security Update : HelixPlayer on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow flaw was found in the way HelixPlayer processed\nSynchronized Multimedia Integration Language (SMIL) files. It was\npossible for a malformed SMIL file to execute arbitrary code with the\npermissions of the user running HelixPlayer. (CVE-2007-3410)\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind0706&L=scientific-linux-errata&T=0&P=3791\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7975e86f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected HelixPlayer package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"HelixPlayer-1.0.6-0.EL4.2.0.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "hashmap": [{"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "b1e432cd926620a2b9bd9816ef9503c6", "key": "cpe"}, {"hash": "afff7b4f79cb0279de5b40b664d6bb49", "key": "cvelist"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "0701beb1b3fbc3538c67e3a64501b32d", "key": "description"}, {"hash": "c459074115a427141f584ccc9fd3d8cc", "key": "href"}, {"hash": "5a702aacd945b32ecec20a7ee647fb31", "key": "modified"}, {"hash": "b3a4d461a1383c8ba9fa401b58d29827", "key": "naslFamily"}, {"hash": "ff9b401529ad052db50e89f363430ebc", "key": "pluginID"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "published"}, {"hash": "de8e6d6855da599533fc924ac23a0bca", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8a85424ffa4731b6b720ad81529796fd", "key": "sourceData"}, {"hash": "56ae65b1e750f6620542172d23096512", "key": "title"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}], "objectVersion": "1.3"}

{"result": {"cve": [{"id": "CVE-2007-3410", "type": "cve", "title": "CVE-2007-3410", "description": "Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value.", "published": "2007-06-26T18:30:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3410", "cvelist": ["CVE-2007-3410"], "lastseen": "2017-10-11T11:07:13"}], "cert": [{"id": "VU:770904", "type": "cert", "title": "RealNetworks players SMIL \"wallclock\" buffer overflow", "description": "### Overview\n\nA buffer overflow in RealNetworks media players could allow a remote attacker to execute arbitrary code on an affected system.\n\n### Description\n\nThe [RealNetworks](<http://www.real.com/>) [RealPlayer](<http://www.realplayer.com/>) and [Helix Player](<https://player.helixcommunity.org/>) applications allow users to view local and remote audio and video content. These players support multiple media formats including the synchronized multimedia integration language ([SMIL](<http://www.w3.org/TR/SMIL/>)). A stack-based buffer overflow exists in the way that these players handle the \"wallclock-sync\" values encoded in the SMIL data. A remote attacker with the ability to supply a specially crafted media file or stream could exploit this vulnerability to execute arbitrary code on an affected system. \n\nNote that we are aware of publicly-available exploit code for this vulnerability. \n \n--- \n \n### Impact\n\nA remote unauthenticated attacker could execute arbitrary code with the privileges of the user running a vulnerable application or cause the vulnerable application to crash, resulting in a denial of service. \n \n--- \n \n### Solution\n\n**Apply an update from the vendor** \n \nThe latest versions of the affected software available at the time of this writing are reported to contain a patch for this issue. Users of RealPlayer are encouraged to take the following steps to update: \n\n * Windows users are encouraged to follow the steps outlined in [RealNetworks support document Answer ID 6929](<http://real.custhelp.com/cgi-bin/real.cfg/php/enduser/std_adp.php?p_faqid=6929>)\n * RealPlayer for Mac OS X users should take the following steps: \n1\\. Go the RealPlayer menu. \n2\\. Choose Check for Update. \n3\\. Select the box next to the \"RealPlayer 10 Latest Release\" component. \n4\\. Click Install to download and install the update \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nRealNetworks, Inc.| | 27 Jun 2007| 28 Jun 2007 \nRed Hat, Inc.| | -| 27 Jun 2007 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23770904 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547>\n\n### Credit\n\nThis vulnerability was reported by iDefense Labs in [iDefense Labs Public Advisory: 06.26.07](<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547>). iDefense credits an anonymous researcher with reporting this vulnerability to them.\n\nThis document was written by Chad R Dougherty.\n\n### Other Information\n\n * CVE IDs: [CVE-2007-3410](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3410>)\n * Date Public: 26 Jun 2007\n * Date First Published: 28 Jun 2007\n * Date Last Updated: 28 Jun 2007\n * Severity Metric: 22.27\n * Document Revision: 5\n\n", "published": "2007-06-28T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.kb.cert.org/vuls/id/770904", "cvelist": ["CVE-2007-3410", "CVE-2007-3410"], "lastseen": "2016-02-03T09:12:37"}], "nessus": [{"id": "ORACLELINUX_ELSA-2007-0605.NASL", "type": "nessus", "title": "Oracle Linux 4 : HelixPlayer (ELSA-2007-0605)", "description": "From Red Hat Security Advisory 2007:0605 :\n\nAn updated HelixPlayer package that fixes a buffer overflow flaw is now available.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nHelixPlayer is a media player.\n\nA buffer overflow flaw was found in the way HelixPlayer processed Synchronized Multimedia Integration Language (SMIL) files. It was possible for a malformed SMIL file to execute arbitrary code with the permissions of the user running HelixPlayer. (CVE-2007-3410)\n\nAll users of HelixPlayer are advised to upgrade to this updated package, which contains a backported patch and is not vulnerable to this issue.", "published": "2013-07-12T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=67538", "cvelist": ["CVE-2007-3410"], "lastseen": "2017-10-29T13:37:34"}, {"id": "FEDORA_2007-0756.NASL", "type": "nessus", "title": "Fedora 7 : HelixPlayer-1.0.7-6.fc7 (2007-0756)", "description": "A buffer overflow flaw was discovered in the way RealPlayer and HelixPlayer handle the wallclock variable in Synchronized Multimedia Integration Language (SMIL) files.\n\nMore information regarding this flaw can be found here:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=5 47\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2007-11-06T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=27679", "cvelist": ["CVE-2007-3410"], "lastseen": "2017-10-29T13:42:58"}, {"id": "GENTOO_GLSA-200709-05.NASL", "type": "nessus", "title": "GLSA-200709-05 : RealPlayer: Buffer overflow", "description": "The remote host is affected by the vulnerability described in GLSA-200709-05 (RealPlayer: Buffer overflow)\n\n A stack-based buffer overflow vulnerability has been reported in the SmilTimeValue::parseWallClockValue() function in smlprstime.cpp when handling HH:mm:ss.f type time formats.\n Impact :\n\n By enticing a user to open a specially crafted SMIL (Synchronized Multimedia Integration Language) file, an attacker could be able to execute arbitrary code with the privileges of the user running the application.\n Workaround :\n\n There is no known workaround at this time.", "published": "2007-09-24T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=26095", "cvelist": ["CVE-2007-3410"], "lastseen": "2017-10-29T13:35:38"}, {"id": "REALPLAYER_6_0_12_1578.NASL", "type": "nessus", "title": "RealPlayer for Windows < Build 6.0.12.1578 Multiple Vulnerabilities", "description": "According to its build number, the installed version of RealPlayer on the remote Windows host contains a stack-based buffer overflow that can be triggered by a specially crafted SMIL file, perhaps accessed over the web using the CLSID 'CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA'.\nA remote attacker may be able to exploit this issue to execute arbitrary code subject to the user's privileges on the affected host.", "published": "2007-06-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=25573", "cvelist": ["CVE-2007-3410"], "lastseen": "2017-10-29T13:38:18"}, {"id": "CENTOS_RHSA-2007-0605.NASL", "type": "nessus", "title": "CentOS 4 : HelixPlayer (CESA-2007:0605)", "description": "An updated HelixPlayer package that fixes a buffer overflow flaw is now available.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nHelixPlayer is a media player.\n\nA buffer overflow flaw was found in the way HelixPlayer processed Synchronized Multimedia Integration Language (SMIL) files. It was possible for a malformed SMIL file to execute arbitrary code with the permissions of the user running HelixPlayer. (CVE-2007-3410)\n\nAll users of HelixPlayer are advised to upgrade to this updated package, which contains a backported patch and is not vulnerable to this issue.", "published": "2007-06-29T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=25614", "cvelist": ["CVE-2007-3410"], "lastseen": "2017-10-29T13:45:16"}, {"id": "REDHAT-RHSA-2007-0605.NASL", "type": "nessus", "title": "RHEL 4 : HelixPlayer (RHSA-2007:0605)", "description": "An updated HelixPlayer package that fixes a buffer overflow flaw is now available.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nHelixPlayer is a media player.\n\nA buffer overflow flaw was found in the way HelixPlayer processed Synchronized Multimedia Integration Language (SMIL) files. It was possible for a malformed SMIL file to execute arbitrary code with the permissions of the user running HelixPlayer. (CVE-2007-3410)\n\nAll users of HelixPlayer are advised to upgrade to this updated package, which contains a backported patch and is not vulnerable to this issue.", "published": "2007-06-29T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=25624", "cvelist": ["CVE-2007-3410"], "lastseen": "2017-10-29T13:36:13"}, {"id": "FREEBSD_PKG_F762CCBBBAED11DCA302000102CC8983.NASL", "type": "nessus", "title": "FreeBSD : linux-realplayer -- multiple vulnerabilities (f762ccbb-baed-11dc-a302-000102cc8983)", "description": "Secunia reports :\n\nMultiple vulnerabilities have been reported in RealPlayer/RealOne/HelixPlayer, which can be exploited by malicious people to compromise a user's system.\n\nAn input validation error when processing .RA/.RAM files can be exploited to cause a heap corruption via a specially crafted .RA/.RAM file with an overly large size field in the header.\n\nAn error in the processing of .PLS files can be exploited to cause a memory corruption and execute arbitrary code via a specially crafted .PLS file.\n\nAn input validation error when parsing .SWF files can be exploited to cause a buffer overflow via a specially crafted .SWF file with malformed record headers.\n\nA boundary error when processing rm files can be exploited to cause a buffer overflow.", "published": "2008-01-07T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=29866", "cvelist": ["CVE-2007-2264", "CVE-2007-2263", "CVE-2007-5081", "CVE-2007-3410"], "lastseen": "2017-10-29T13:36:13"}, {"id": "REDHAT-RHSA-2007-0841.NASL", "type": "nessus", "title": "RHEL 3 / 4 / 5 : RealPlayer (RHSA-2007:0841)", "description": "An updated RealPlayer package that fixes a security flaw is now available for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nRealPlayer is a media player that provides media playback locally and via streaming.\n\nA buffer overflow flaw was found in the way RealPlayer processed Synchronized Multimedia Integration Language (SMIL) files. It was possible for a malformed SMIL file to execute arbitrary code with the permissions of the user running RealPlayer. (CVE-2007-3410)\n\nAll users of RealPlayer are advised to upgrade to this updated package containing RealPlayer version 10.0.9 which is not vulnerable to this issue.", "published": "2009-08-24T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=40707", "cvelist": ["CVE-2007-2264", "CVE-2007-2263", "CVE-2007-5081", "CVE-2007-3410"], "lastseen": "2017-10-29T13:33:46"}, {"id": "REALPLAYER_6_0_12_1662.NASL", "type": "nessus", "title": "RealPlayer for Windows < Build 6.0.12.1662 Multiple Vulnerabilities", "description": "According to its build number, the installed version of RealPlayer / RealOne Player / RealPlayer Enterprise on the remote Windows host suffers from several buffer overflows involving specially crafted media files (eg, '.mp3', '.rm', '.SMIL', '.swf', '.ram', and '.pls'). If an attacker can trick a user on the affected system into opening such a file or browsing to a specially crafted web page, he may be able to exploit one of these issues to execute arbitrary code subject to the user's privileges on the affected host.", "published": "2007-10-30T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=27591", "cvelist": ["CVE-2007-4599", "CVE-2007-2264", "CVE-2007-2263", "CVE-2007-5081", "CVE-2007-3410", "CVE-2007-5080"], "lastseen": "2017-10-29T13:37:21"}], "d2": [{"id": "D2SEC_REAL_WALLCLOCK", "type": "d2", "title": "DSquare Exploit Pack: D2SEC_REAL_WALLCLOCK", "description": "**Name**| d2sec_real_wallclock \n---|--- \n**CVE**| CVE-2007-3410 \n**Exploit Pack**| [D2ExploitPack](<http://http://www.d2sec.com/products.htm>) \n**Description**| RealPlayer ParseWallClockValue Stack Overflow Vulnerability \n**Notes**| \n", "published": "2007-06-26T18:30:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://exploitlist.immunityinc.com/home/exploitpack/D2ExploitPack/d2sec_real_wallclock", "cvelist": ["CVE-2007-3410"], "lastseen": "2016-09-25T14:11:07"}], "osvdb": [{"id": "OSVDB:38342", "type": "osvdb", "title": "RealPlayer smlprstime.cpp SmilTimeValue::parseWallClockValue Function SMIL File Handling Overflow", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://service.real.com/realplayer/security/10252007_player/en/\nSecurity Tracker: 1018297\nSecurity Tracker: 1018299\n[Secunia Advisory ID:25819](https://secuniaresearch.flexerasoftware.com/advisories/25819/)\n[Secunia Advisory ID:26828](https://secuniaresearch.flexerasoftware.com/advisories/26828/)\n[Secunia Advisory ID:27361](https://secuniaresearch.flexerasoftware.com/advisories/27361/)\n[Secunia Advisory ID:25859](https://secuniaresearch.flexerasoftware.com/advisories/25859/)\n[Secunia Advisory ID:26463](https://secuniaresearch.flexerasoftware.com/advisories/26463/)\nRedHat RHSA: RHSA-2007:0605\nRedHat RHSA: RHSA-2007:0841\nOther Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200709-05.xml\nMail List Post: http://www.attrition.org/pipermail/vim/2007-October/001841.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-06/0334.html\nISS X-Force ID: 35088\nFrSIRT Advisory: ADV-2007-3628\nFrSIRT Advisory: ADV-2007-2339\n[CVE-2007-3410](https://vulners.com/cve/CVE-2007-3410)\nCERT VU: 770904\nBugtraq ID: 24658\n", "published": "2007-06-26T07:32:18", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/osvdb/OSVDB:38342", "cvelist": ["CVE-2007-3410"], "lastseen": "2017-04-28T13:20:34"}, {"id": "OSVDB:37374", "type": "osvdb", "title": "RealPlayer/Helix Player smlprstime.cpp SmilTimeValue::parseWallClockValue Function SMIL File Handling Overflow", "description": "# No description provided by the source\n\n## References:\nSecurity Tracker: 1018297\nSecurity Tracker: 1018299\n[Secunia Advisory ID:25819](https://secuniaresearch.flexerasoftware.com/advisories/25819/)\n[Secunia Advisory ID:26828](https://secuniaresearch.flexerasoftware.com/advisories/26828/)\n[Secunia Advisory ID:25859](https://secuniaresearch.flexerasoftware.com/advisories/25859/)\n[Secunia Advisory ID:26463](https://secuniaresearch.flexerasoftware.com/advisories/26463/)\nRedHat RHSA: RHSA-2007:0605\nRedHat RHSA: RHSA-2007:0841\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200709-05.xml\nOther Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547\nISS X-Force ID: 35088\nFrSIRT Advisory: ADV-2007-2339\n[CVE-2007-3410](https://vulners.com/cve/CVE-2007-3410)\nCERT VU: 770904\nBugtraq ID: 24658\n", "published": "2007-06-26T14:49:19", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/osvdb/OSVDB:37374", "cvelist": ["CVE-2007-3410"], "lastseen": "2017-04-28T13:20:33"}], "centos": [{"id": "CESA-2007:0605", "type": "centos", "title": "HelixPlayer security update", "description": "**CentOS Errata and Security Advisory** CESA-2007:0605\n\n\nHelixPlayer is a media player.\r\n\r\nA buffer overflow flaw was found in the way HelixPlayer processed\r\nSynchronized Multimedia Integration Language (SMIL) files. It was possible\r\nfor a malformed SMIL file to execute arbitrary code with the permissions of\r\nthe user running HelixPlayer. (CVE-2007-3410)\r\n\r\nAll users of HelixPlayer are advised to upgrade to this updated package,\r\nwhich contains a backported patch and is not vulnerable to this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013994.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013995.html\n\n**Affected packages:**\nHelixPlayer\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0605.html", "published": "2007-06-28T09:45:28", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2007-June/013994.html", "cvelist": ["CVE-2007-3410"], "lastseen": "2017-10-12T14:44:51"}], "oraclelinux": [{"id": "ELSA-2007-0605", "type": "oraclelinux", "title": "Critical: HelixPlayer security update ", "description": " [1.0.6-0.EL4.2.0.2]\n - Rebuild for z-stream bz#245842\n \n [1.0.6-0.EL4.2]\n - Add a fix for CVE-2007-3410 ", "published": "2007-06-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2007-0605.html", "cvelist": ["CVE-2007-3410"], "lastseen": "2016-09-04T11:15:56"}], "openvas": [{"id": "OPENVAS:861058", "type": "openvas", "title": "Fedora Update for HelixPlayer FEDORA-2007-0756", "description": "Check for the Version of HelixPlayer", "published": "2009-02-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=861058", "cvelist": ["CVE-2007-3410"], "lastseen": "2017-07-25T10:56:06"}, {"id": "OPENVAS:58602", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200709-05 (realplayer)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200709-05.", "published": "2008-09-24T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=58602", "cvelist": ["CVE-2007-3410"], "lastseen": "2017-07-24T12:50:02"}, {"id": "OPENVAS:60115", "type": "openvas", "title": "FreeBSD Ports: linux-realplayer", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2008-09-04T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=60115", "cvelist": ["CVE-2007-2264", "CVE-2007-2263", "CVE-2007-5081", "CVE-2007-3410"], "lastseen": "2017-07-02T21:10:10"}], "seebug": [{"id": "SSV:1930", "type": "seebug", "title": "RealPlayer/HelixPlayer ParseWallClockValue\u51fd\u6570\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e", "description": "BUGTRAQ ID: 24658\r\nCVE(CAN) ID: CVE-2007-3410\r\n\r\nRealPlayer\u662f\u4e00\u6b3e\u975e\u5e38\u6d41\u884c\u7684\u5a92\u4f53\u64ad\u653e\u5668\uff0c\u652f\u6301\u591a\u79cd\u683c\u5f0f\uff1bHelixPlayer\u662f\u5176\u5f00\u6e90\u7248\u672c\u3002\r\n\r\nRealPlayer/HelixPlayer\u64ad\u653e\u5668\u7684\u5899\u58c1\u65f6\u949f\u5728\u5904\u7406\u65e5\u671f\u683c\u5f0f\u65f6\u5b58\u5728\u7f13\u51b2\u533a\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u63a7\u5236\u7528\u6237\u673a\u5668\u3002\r\n\r\n\u5899\u58c1\u65f6\u949f\uff08wallclock\uff09\u529f\u80fd\u6ca1\u6709\u6b63\u786e\u5730\u5904\u7406HH:mm:ss.f\u65f6\u95f4\u683c\u5f0f\uff1a \r\n\r\n 924 HX_RESULT\r\n 925 SmilTimeValue::parseWallClockValue(REF(const char*) pCh)\r\n 926 {\r\n ...\r\n 957 char buf[10]; /* Flawfinder: ignore */\r\n ...\r\n 962 while (*pCh)\r\n 963 {\r\n ...\r\n 972 else if (isspace(*pCh) || *pCh == '+' || *pCh == '-' || *pCh == 'Z')\r\n 973 {\r\n 974 // this will find the last +, - or Z... which is what we want.\r\n 975 pTimeZone = pCh;\r\n 976 }\r\n ...\r\n 982 ++pCh;\r\n 983 }\r\n ...\r\n 1101 if (pTimePos)\r\n 1102 {\r\n 1103 //HH:MM...\r\n ....\r\n 1133 if (*(pos-1) == ':')\r\n 1134 {\r\n ....\r\n 1148 if (*(pos-1) == '.')\r\n 1149 {\r\n 1150 // find end.\r\n 1151 UINT32 len = 0;\r\n 1152 if (pTimeZone)\r\n 1153 {\r\n 1154 len = pTimeZone - pos;\r\n 1155 }\r\n 1156 else\r\n 1157 {\r\n 1158 len = end - pos;\r\n 1159 }\r\n 1160 strncpy(buf, pos, len); /* Flawfinder: ignore */\r\n\r\n\u5728957\u884c\u6808\u7f13\u51b2\u533a\u58f0\u660e\u4e3a10\u5b57\u8282\uff0c\u8be5\u884c\u7684\u6807\u6ce8\u5bfc\u81f4FlawFinder\u7a0b\u5e8f\u5ffd\u7565\u8fd9\u4e2a\u7f13\u51b2\u533a\u3002 \r\n\r\n962\u884c\u5f00\u59cb\u7684\u5faa\u73af\u901a\u8fc7\u4e00\u4e2a\u51fd\u6570\u53c2\u6570\u8fd0\u884c\uff0c\u8be5\u51fd\u6570\u7528\u4e8e\u5bfb\u627e\u8868\u793a\u65f6\u95f4\u683c\u5f0f\u4e2d\u4e0d\u540c\u90e8\u5206\u7684\u5b57\u7b26\u3002\u5982\u679c\u9047\u5230\u4e86\u7a7a\u683c\u3001\u201c+\u201d\u3001\u201c-\u201d\u3001\u6216\u201cZ\u201d\u5b57\u7b26\uff0c\u5c31\u4f1a\u8bb0\u5f55\u4e0b\u4f4d\u7f6e\u4ee5\u5907\u4e4b\u540e\u4f7f\u7528\u3002\u5982\u679c\u627e\u5230\u4e86\u65f6\u95f4\u4e14\u5305\u542b\u6709\u5192\u53f7\u548c\u9017\u53f7\uff0c\u5c31\u4f1a\u5230\u8fbe\u6709\u6f0f\u6d1e\u7684\u4ee3\u7801\u3002\r\n\r\n1154\u62161158\u884c\u8ba1\u7b97\u5c06\u8981\u62f7\u8d1d\u5230\u6808\u7f13\u51b2\u533a\u7684\u6570\u636e\u957f\u5ea6\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u662f\u5426\u5b58\u5728\u65f6\u533a\u3002\u8fd9\u4e24\u5904\u8ba1\u7b97\u90fd\u6ca1\u6709\u8003\u8651buf\u7f13\u51b2\u533a\u7684\u5e38\u6570\u957f\u5ea6\uff0c\u56e0\u6b64\u57281160\u884c\u53ef\u80fd\u51fa\u73b0\u6808\u6ea2\u51fa\u3002\u6b64\u5916\uff0c\u8be5\u884c\u4e0d\u5b89\u5168\u5730\u4f7f\u7528strncpy()\u4e5f\u88ab\u6807\u8bb0\u4e86\u5ffd\u7565FlawFinder\u7684\u6807\u6ce8\u3002\r\n\r\n\u5982\u679c\u7528\u6237\u53d7\u9a97\u4f7f\u7528\u6709\u6f0f\u6d1e\u7684\u64ad\u653e\u5668\u52a0\u8f7d\u4e86\u540c\u6b65\u591a\u5a92\u4f53\u96c6\u6210\u8bed\u8a00\uff08SMIL\uff09\u6587\u4ef6\u7684\u8bdd\uff0c\u5c31\u53ef\u80fd\u89e6\u53d1\u8fd9\u4e2a\u6ea2\u51fa\uff0c\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\n\n\nReal Networks RealPlayer 10.5-GOLD \r\nReal Networks Helix Player 10.5-GOLD\n \u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n\u5982\u679c\u60a8\u4e0d\u80fd\u7acb\u523b\u5b89\u88c5\u8865\u4e01\u6216\u8005\u5347\u7ea7\uff0cNSFOCUS\u5efa\u8bae\u60a8\u91c7\u53d6\u4ee5\u4e0b\u63aa\u65bd\u4ee5\u964d\u4f4e\u5a01\u80c1\uff1a\r\n\r\n* \u4e3aCLSID CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA\u8bbe\u7f6ekill-bit\u3002\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nReal Networks\r\n-------------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=\"http://www.real.com\" target=\"_blank\">http://www.real.com</a>", "published": "2007-06-28T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.seebug.org/vuldb/ssvid-1930", "cvelist": ["CVE-2007-3410"], "lastseen": "2017-11-19T22:02:05"}], "saint": [{"id": "SAINT:8CC7664D64C422281AA11FC091C00C94", "type": "saint", "title": "RealPlayer SMIL file wallclock buffer overflow", "description": "Added: 06/29/2007 \nCVE: [CVE-2007-3410](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3410>) \nBID: [24658](<http://www.securityfocus.com/bid/24658>) \nOSVDB: [37374](<http://www.osvdb.org/37374>) \n\n\n### Background\n\nRealPlayer includes support for Synchronized Multimedia Integration Language (SMIL) files. \n\n### Problem\n\nA buffer overflow vulnerability in the wallclock function could allow command execution upon opening a specially crafted SMIL file. \n\n### Resolution\n\nUpdate to a fixed version of RealPlayer by selecting Check for Update under the Help menu in RealPlayer. \n\n### References\n\n<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547> \n\n\n### Limitations\n\nExploit works on RealPlayer 10.5 Gold and requires a user to open the exploit file in Internet Explorer 6 or 7. \n\n### Platforms\n\nWindows \n \n\n", "published": "2007-06-29T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/realplayer_smil_wallclock", "cvelist": ["CVE-2007-3410"], "lastseen": "2016-12-14T16:58:05"}, {"id": "SAINT:E01BFCF2621FC36EB45091F4EE8DA493", "type": "saint", "title": "RealPlayer SMIL file wallclock buffer overflow", "description": "Added: 06/29/2007 \nCVE: [CVE-2007-3410](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3410>) \nBID: [24658](<http://www.securityfocus.com/bid/24658>) \nOSVDB: [37374](<http://www.osvdb.org/37374>) \n\n\n### Background\n\nRealPlayer includes support for Synchronized Multimedia Integration Language (SMIL) files. \n\n### Problem\n\nA buffer overflow vulnerability in the wallclock function could allow command execution upon opening a specially crafted SMIL file. \n\n### Resolution\n\nUpdate to a fixed version of RealPlayer by selecting Check for Update under the Help menu in RealPlayer. \n\n### References\n\n<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547> \n\n\n### Limitations\n\nExploit works on RealPlayer 10.5 Gold and requires a user to open the exploit file in Internet Explorer 6 or 7. \n\n### Platforms\n\nWindows \n \n\n", "published": "2007-06-29T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/realplayer_smil_wallclock", "cvelist": ["CVE-2007-3410"], "lastseen": "2016-10-03T15:01:58"}, {"id": "SAINT:60890704B26EDE87E6FA037907CFA531", "type": "saint", "title": "RealPlayer SMIL file wallclock buffer overflow", "description": "Added: 06/29/2007 \nCVE: [CVE-2007-3410](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3410>) \nBID: [24658](<http://www.securityfocus.com/bid/24658>) \nOSVDB: [37374](<http://www.osvdb.org/37374>) \n\n\n### Background\n\nRealPlayer includes support for Synchronized Multimedia Integration Language (SMIL) files. \n\n### Problem\n\nA buffer overflow vulnerability in the wallclock function could allow command execution upon opening a specially crafted SMIL file. \n\n### Resolution\n\nUpdate to a fixed version of RealPlayer by selecting Check for Update under the Help menu in RealPlayer. \n\n### References\n\n<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547> \n\n\n### Limitations\n\nExploit works on RealPlayer 10.5 Gold and requires a user to open the exploit file in Internet Explorer 6 or 7. \n\n### Platforms\n\nWindows \n \n\n", "published": "2007-06-29T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/realplayer_smil_wallclock", "cvelist": ["CVE-2007-3410"], "lastseen": "2017-01-10T14:03:41"}], "gentoo": [{"id": "GLSA-200709-05", "type": "gentoo", "title": "RealPlayer: Buffer overflow", "description": "### Background\n\nRealPlayer is a multimedia player capable of handling multiple multimedia file formats. \n\n### Description\n\nA stack-based buffer overflow vulnerability has been reported in the SmilTimeValue::parseWallClockValue() function in smlprstime.cpp when handling HH:mm:ss.f type time formats. \n\n### Impact\n\nBy enticing a user to open a specially crafted SMIL (Synchronized Multimedia Integration Language) file, an attacker could be able to execute arbitrary code with the privileges of the user running the application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll RealPlayer users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-video/realplayer-10.0.9\"", "published": "2007-09-14T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/200709-05", "cvelist": ["CVE-2007-3410"], "lastseen": "2016-09-06T19:47:01"}], "redhat": [{"id": "RHSA-2007:0605", "type": "redhat", "title": "(RHSA-2007:0605) Critical: HelixPlayer security update", "description": "HelixPlayer is a media player.\r\n\r\nA buffer overflow flaw was found in the way HelixPlayer processed\r\nSynchronized Multimedia Integration Language (SMIL) files. It was possible\r\nfor a malformed SMIL file to execute arbitrary code with the permissions of\r\nthe user running HelixPlayer. (CVE-2007-3410)\r\n\r\nAll users of HelixPlayer are advised to upgrade to this updated package,\r\nwhich contains a backported patch and is not vulnerable to this issue.", "published": "2007-06-27T04:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2007:0605", "cvelist": ["CVE-2007-3410"], "lastseen": "2017-09-09T07:20:04"}, {"id": "RHSA-2007:0841", "type": "redhat", "title": "(RHSA-2007:0841) Critical: RealPlayer security update", "description": "RealPlayer is a media player that provides media playback locally and via\r\nstreaming.\r\n\r\nA buffer overflow flaw was found in the way RealPlayer processed\r\nSynchronized Multimedia Integration Language (SMIL) files. It was possible\r\nfor a malformed SMIL file to execute arbitrary code with the permissions of\r\nthe user running RealPlayer. (CVE-2007-3410)\r\n\r\nAll users of RealPlayer are advised to upgrade to this updated package\r\ncontaining RealPlayer version 10.0.9 which is not vulnerable to this issue.", "published": "2007-08-17T04:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2007:0841", "cvelist": ["CVE-2007-2263", "CVE-2007-2264", "CVE-2007-3410", "CVE-2007-5081"], "lastseen": "2017-09-09T07:19:34"}], "exploitdb": [{"id": "EDB-ID:4118", "type": "exploitdb", "title": "RealNetworks RealPlayer/HelixPlayer SMIL wallclock Stack Overflow PoC", "description": "RealNetworks RealPlayer/HelixPlayer SMIL wallclock Stack Overflow PoC. CVE-2007-3410. Dos exploit for windows platform", "published": "2007-06-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/4118/", "cvelist": ["CVE-2007-3410"], "lastseen": "2016-01-31T20:11:49"}], "freebsd": [{"id": "F762CCBB-BAED-11DC-A302-000102CC8983", "type": "freebsd", "title": "linux-realplayer -- multiple vulnerabilities", "description": "\nSecunia reports:\n\nMultiple vulnerabilities have been reported in\n\t RealPlayer/RealOne/HelixPlayer, which can be exploited by malicious\n\t people to compromise a user's system.\nAn input validation error when processing .RA/.RAM files can be\n\t exploited to cause a heap corruption via a specially crafted\n\t .RA/.RAM file with an overly large size field in the header.\nAn error in the processing of .PLS files can be exploited to cause\n\t a memory corruption and execute arbitrary code via a specially\n\t crafted .PLS file.\nAn input validation error when parsing .SWF files can be exploited\n\t to cause a buffer overflow via a specially crafted .SWF file with\n\t malformed record headers.\nA boundary error when processing rm files can be exploited to\n\t cause a buffer overflow.\n\n", "published": "2007-10-25T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vuxml.freebsd.org/freebsd/f762ccbb-baed-11dc-a302-000102cc8983.html", "cvelist": ["CVE-2007-2264", "CVE-2007-2263", "CVE-2007-5081", "CVE-2007-3410"], "lastseen": "2016-09-26T17:24:58"}]}}