{"id": "SL_20070627_HELIXPLAYER_ON_SL4_X.NASL", "bulletinFamily": "scanner", "title": "Scientific Linux Security Update : HelixPlayer on SL4.x i386/x86_64", "description": "A buffer overflow flaw was found in the way HelixPlayer processed Synchronized Multimedia Integration Language (SMIL) files. It was possible for a malformed SMIL file to execute arbitrary code with the permissions of the user running HelixPlayer. (CVE-2007-3410)", "published": "2012-08-01T00:00:00", "modified": "2015-01-15T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=60220", "reporter": "Tenable", "references": ["http://www.nessus.org/u?7975e86f"], "cvelist": ["CVE-2007-3410"], "type": "nessus", "lastseen": "2018-09-01T23:33:10", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2007-3410"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "A buffer overflow flaw was found in the way HelixPlayer processed Synchronized Multimedia Integration Language (SMIL) files. It was possible for a malformed SMIL file to execute arbitrary code with the permissions of the user running HelixPlayer. (CVE-2007-3410)", "edition": 1, "enchantments": {}, "hash": "4ed351559b9fd3c7e9fb1727fb472c853cbb9ed5ac707c07d223c2d37581571f", "hashmap": [{"hash": "8a85424ffa4731b6b720ad81529796fd", "key": "sourceData"}, {"hash": "c459074115a427141f584ccc9fd3d8cc", "key": "href"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "ff9b401529ad052db50e89f363430ebc", "key": "pluginID"}, {"hash": "5a702aacd945b32ecec20a7ee647fb31", "key": "modified"}, {"hash": "b3a4d461a1383c8ba9fa401b58d29827", "key": "naslFamily"}, {"hash": "0701beb1b3fbc3538c67e3a64501b32d", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "afff7b4f79cb0279de5b40b664d6bb49", "key": "cvelist"}, {"hash": "56ae65b1e750f6620542172d23096512", "key": "title"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "published"}, {"hash": "de8e6d6855da599533fc924ac23a0bca", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=60220", "id": "SL_20070627_HELIXPLAYER_ON_SL4_X.NASL", "lastseen": "2016-09-26T17:23:07", "modified": "2015-01-15T00:00:00", "naslFamily": "Scientific Linux Local Security Checks", "objectVersion": "1.2", "pluginID": "60220", "published": "2012-08-01T00:00:00", "references": ["http://www.nessus.org/u?7975e86f"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60220);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/01/15 16:37:17 $\");\n\n script_cve_id(\"CVE-2007-3410\");\n\n script_name(english:\"Scientific Linux Security Update : HelixPlayer on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow flaw was found in the way HelixPlayer processed\nSynchronized Multimedia Integration Language (SMIL) files. It was\npossible for a malformed SMIL file to execute arbitrary code with the\npermissions of the user running HelixPlayer. (CVE-2007-3410)\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind0706&L=scientific-linux-errata&T=0&P=3791\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7975e86f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected HelixPlayer package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"HelixPlayer-1.0.6-0.EL4.2.0.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Scientific Linux Security Update : HelixPlayer on SL4.x i386/x86_64", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:23:07"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "cvelist": ["CVE-2007-3410"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "A buffer overflow flaw was found in the way HelixPlayer processed Synchronized Multimedia Integration Language (SMIL) files. It was possible for a malformed SMIL file to execute arbitrary code with the permissions of the user running HelixPlayer. (CVE-2007-3410)", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "0278adc18b981f6440fd675883070cceb513cfa1077933f6a053c5d29fd69859", "hashmap": [{"hash": "8a85424ffa4731b6b720ad81529796fd", "key": "sourceData"}, {"hash": "c459074115a427141f584ccc9fd3d8cc", "key": "href"}, {"hash": "b1e432cd926620a2b9bd9816ef9503c6", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "ff9b401529ad052db50e89f363430ebc", "key": "pluginID"}, {"hash": "5a702aacd945b32ecec20a7ee647fb31", "key": "modified"}, {"hash": "b3a4d461a1383c8ba9fa401b58d29827", "key": "naslFamily"}, {"hash": "0701beb1b3fbc3538c67e3a64501b32d", "key": "description"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "afff7b4f79cb0279de5b40b664d6bb49", "key": "cvelist"}, {"hash": "56ae65b1e750f6620542172d23096512", "key": "title"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "published"}, {"hash": "de8e6d6855da599533fc924ac23a0bca", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=60220", "id": "SL_20070627_HELIXPLAYER_ON_SL4_X.NASL", "lastseen": "2018-08-30T19:30:07", "modified": "2015-01-15T00:00:00", "naslFamily": "Scientific Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "60220", "published": "2012-08-01T00:00:00", "references": ["http://www.nessus.org/u?7975e86f"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60220);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/01/15 16:37:17 $\");\n\n script_cve_id(\"CVE-2007-3410\");\n\n script_name(english:\"Scientific Linux Security Update : HelixPlayer on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow flaw was found in the way HelixPlayer processed\nSynchronized Multimedia Integration Language (SMIL) files. It was\npossible for a malformed SMIL file to execute arbitrary code with the\npermissions of the user running HelixPlayer. (CVE-2007-3410)\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind0706&L=scientific-linux-errata&T=0&P=3791\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7975e86f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected HelixPlayer package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"HelixPlayer-1.0.6-0.EL4.2.0.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Scientific Linux Security Update : HelixPlayer on SL4.x i386/x86_64", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:30:07"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "cvelist": ["CVE-2007-3410"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "A buffer overflow flaw was found in the way HelixPlayer processed Synchronized Multimedia Integration Language (SMIL) files. It was possible for a malformed SMIL file to execute arbitrary code with the permissions of the user running HelixPlayer. (CVE-2007-3410)", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "29769c5329ccd7741b5d4015211494316044cc353f9b9fe2ac1f10852cb14a3f", "hashmap": [{"hash": "8a85424ffa4731b6b720ad81529796fd", "key": "sourceData"}, {"hash": "c459074115a427141f584ccc9fd3d8cc", "key": "href"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "b1e432cd926620a2b9bd9816ef9503c6", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "ff9b401529ad052db50e89f363430ebc", "key": "pluginID"}, {"hash": "5a702aacd945b32ecec20a7ee647fb31", "key": "modified"}, {"hash": "b3a4d461a1383c8ba9fa401b58d29827", "key": "naslFamily"}, {"hash": "0701beb1b3fbc3538c67e3a64501b32d", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "afff7b4f79cb0279de5b40b664d6bb49", "key": "cvelist"}, {"hash": "56ae65b1e750f6620542172d23096512", "key": "title"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "published"}, {"hash": "de8e6d6855da599533fc924ac23a0bca", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=60220", "id": "SL_20070627_HELIXPLAYER_ON_SL4_X.NASL", "lastseen": "2017-10-29T13:33:11", "modified": "2015-01-15T00:00:00", "naslFamily": "Scientific Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "60220", "published": "2012-08-01T00:00:00", "references": ["http://www.nessus.org/u?7975e86f"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60220);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/01/15 16:37:17 $\");\n\n script_cve_id(\"CVE-2007-3410\");\n\n script_name(english:\"Scientific Linux Security Update : HelixPlayer on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow flaw was found in the way HelixPlayer processed\nSynchronized Multimedia Integration Language (SMIL) files. It was\npossible for a malformed SMIL file to execute arbitrary code with the\npermissions of the user running HelixPlayer. (CVE-2007-3410)\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind0706&L=scientific-linux-errata&T=0&P=3791\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7975e86f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected HelixPlayer package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"HelixPlayer-1.0.6-0.EL4.2.0.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Scientific Linux Security Update : HelixPlayer on SL4.x i386/x86_64", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-10-29T13:33:11"}], "edition": 4, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "b1e432cd926620a2b9bd9816ef9503c6"}, {"key": "cvelist", "hash": "afff7b4f79cb0279de5b40b664d6bb49"}, {"key": "cvss", "hash": "2076413bdcb42307d016f5286cbae795"}, {"key": "description", "hash": "0701beb1b3fbc3538c67e3a64501b32d"}, {"key": "href", "hash": "c459074115a427141f584ccc9fd3d8cc"}, {"key": "modified", "hash": "5a702aacd945b32ecec20a7ee647fb31"}, {"key": "naslFamily", "hash": "b3a4d461a1383c8ba9fa401b58d29827"}, {"key": "pluginID", "hash": "ff9b401529ad052db50e89f363430ebc"}, {"key": "published", "hash": "3ff4afbf9eedf98937c2e5c5cf13456f"}, {"key": "references", "hash": "de8e6d6855da599533fc924ac23a0bca"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "8a85424ffa4731b6b720ad81529796fd"}, {"key": "title", "hash": "56ae65b1e750f6620542172d23096512"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "29769c5329ccd7741b5d4015211494316044cc353f9b9fe2ac1f10852cb14a3f", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60220);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/01/15 16:37:17 $\");\n\n script_cve_id(\"CVE-2007-3410\");\n\n script_name(english:\"Scientific Linux Security Update : HelixPlayer on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow flaw was found in the way HelixPlayer processed\nSynchronized Multimedia Integration Language (SMIL) files. It was\npossible for a malformed SMIL file to execute arbitrary code with the\npermissions of the user running HelixPlayer. (CVE-2007-3410)\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind0706&L=scientific-linux-errata&T=0&P=3791\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7975e86f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected HelixPlayer package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"HelixPlayer-1.0.6-0.EL4.2.0.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Scientific Linux Local Security Checks", "pluginID": "60220", "cpe": ["x-cpe:/o:fermilab:scientific_linux"]}

{"cve": [{"lastseen": "2017-10-11T11:07:13", "references": ["http://www.attrition.org/pipermail/vim/2007-October/001841.html", "http://security.gentoo.org/glsa/glsa-200709-05.xml", "http://www.redhat.com/support/errata/RHSA-2007-0841.html", "http://www.vupen.com/english/advisories/2007/3628", "http://securitytracker.com/id?1018299", "http://www.securityfocus.com/bid/24658", "http://service.real.com/realplayer/security/10252007_player/en/", "http://www.vupen.com/english/advisories/2007/2339", "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547", "http://securitytracker.com/id?1018297", "https://exchange.xforce.ibmcloud.com/vulnerabilities/35088", "http://www.redhat.com/support/errata/RHSA-2007-0605.html", "http://www.kb.cert.org/vuls/id/770904"], "description": "Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value.", "edition": 3, "reporter": "NVD", "published": "2007-06-26T18:30:00", "title": "CVE-2007-3410", "type": "cve", "enchantments": {"score": {"modified": "2017-10-11T11:07:13", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10554", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10554"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2007-3410"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10554", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10554"}], "modified": "2017-10-10T21:32:47", "cpe": ["cpe:/a:realnetworks:realplayer:10.1", "cpe:/a:realnetworks:helix_player:10.0.7", "cpe:/a:realnetworks:realplayer:10.0", "cpe:/a:realnetworks:helix_player:10.0.5", "cpe:/a:realnetworks:helix_player:10.0.8", "cpe:/a:realnetworks:realone_player", "cpe:/a:realnetworks:helix_player:10.0.6", "cpe:/a:realnetworks:realplayer:10.5", "cpe:/a:realnetworks:helix_player:10.5-gold", "cpe:/a:realnetworks:realplayer_enterprise"], "id": "CVE-2007-3410", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3410", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cert": [{"lastseen": "2018-08-31T02:37:20", "references": ["https://player.helixcommunity.org/", "http://www.real.com/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3410", "http://real.custhelp.com/cgi-bin/real.cfg/php/enduser/std_adp.php?p_faqid=6929", "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547", "http://www.w3.org/TR/SMIL/", "http://www.realplayer.com/"], "description": "### Overview\n\nA buffer overflow in RealNetworks media players could allow a remote attacker to execute arbitrary code on an affected system.\n\n### Description\n\nThe [RealNetworks](<http://www.real.com/>) [RealPlayer](<http://www.realplayer.com/>) and [Helix Player](<https://player.helixcommunity.org/>) applications allow users to view local and remote audio and video content. These players support multiple media formats including the synchronized multimedia integration language ([SMIL](<http://www.w3.org/TR/SMIL/>)). A stack-based buffer overflow exists in the way that these players handle the \"wallclock-sync\" values encoded in the SMIL data. A remote attacker with the ability to supply a specially crafted media file or stream could exploit this vulnerability to execute arbitrary code on an affected system. \n\nNote that we are aware of publicly-available exploit code for this vulnerability. \n \n--- \n \n### Impact\n\nA remote unauthenticated attacker could execute arbitrary code with the privileges of the user running a vulnerable application or cause the vulnerable application to crash, resulting in a denial of service. \n \n--- \n \n### Solution\n\n**Apply an update from the vendor** \n \nThe latest versions of the affected software available at the time of this writing are reported to contain a patch for this issue. Users of RealPlayer are encouraged to take the following steps to update: \n\n * Windows users are encouraged to follow the steps outlined in [RealNetworks support document Answer ID 6929](<http://real.custhelp.com/cgi-bin/real.cfg/php/enduser/std_adp.php?p_faqid=6929>)\n * RealPlayer for Mac OS X users should take the following steps: \n1\\. Go the RealPlayer menu. \n2\\. Choose Check for Update. \n3\\. Select the box next to the \"RealPlayer 10 Latest Release\" component. \n4\\. Click Install to download and install the update \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nRealNetworks, Inc.| | 27 Jun 2007| 28 Jun 2007 \nRed Hat, Inc.| | -| 27 Jun 2007 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23770904 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547>\n\n### Credit\n\nThis vulnerability was reported by iDefense Labs in iDefense Labs Public Advisory: 06.26.07 . iDefense credits an anonymous researcher with reporting this vulnerability to them.\n\nThis document was written by Chad R Dougherty.\n\n### Other Information\n\n * CVE IDs: [CVE-2007-3410](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3410>)\n * Date Public: 26 Jun 2007\n * Date First Published: 28 Jun 2007\n * Date Last Updated: 28 Jun 2007\n * Severity Metric: 22.27\n * Document Revision: 5\n\n", "edition": 4, "reporter": "CERT", "published": "2007-06-28T00:00:00", "title": "RealNetworks players SMIL \"wallclock\" buffer overflow", "type": "cert", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "info", "cvelist": ["CVE-2007-3410", "CVE-2007-3410"], "modified": "2007-06-28T00:00:00", "id": "VU:770904", "href": "https://www.kb.cert.org/vuls/id/770904", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:34", "references": [], "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://service.real.com/realplayer/security/10252007_player/en/\nSecurity Tracker: 1018297\nSecurity Tracker: 1018299\n[Secunia Advisory ID:25819](https://secuniaresearch.flexerasoftware.com/advisories/25819/)\n[Secunia Advisory ID:26828](https://secuniaresearch.flexerasoftware.com/advisories/26828/)\n[Secunia Advisory ID:27361](https://secuniaresearch.flexerasoftware.com/advisories/27361/)\n[Secunia Advisory ID:25859](https://secuniaresearch.flexerasoftware.com/advisories/25859/)\n[Secunia Advisory ID:26463](https://secuniaresearch.flexerasoftware.com/advisories/26463/)\nRedHat RHSA: RHSA-2007:0605\nRedHat RHSA: RHSA-2007:0841\nOther Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200709-05.xml\nMail List Post: http://www.attrition.org/pipermail/vim/2007-October/001841.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-06/0334.html\nISS X-Force ID: 35088\nFrSIRT Advisory: ADV-2007-3628\nFrSIRT Advisory: ADV-2007-2339\n[CVE-2007-3410](https://vulners.com/cve/CVE-2007-3410)\nCERT VU: 770904\nBugtraq ID: 24658\n", "edition": 1, "reporter": "OSVDB", "published": "2007-06-26T07:32:18", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "RealPlayer smlprstime.cpp SmilTimeValue::parseWallClockValue Function SMIL File Handling Overflow", "type": "osvdb", "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-3410"], "modified": "2007-06-26T07:32:18", "href": "https://vulners.com/osvdb/OSVDB:38342", "id": "OSVDB:38342", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:33", "references": [], "description": "# No description provided by the source\n\n## References:\nSecurity Tracker: 1018297\nSecurity Tracker: 1018299\n[Secunia Advisory ID:25819](https://secuniaresearch.flexerasoftware.com/advisories/25819/)\n[Secunia Advisory ID:26828](https://secuniaresearch.flexerasoftware.com/advisories/26828/)\n[Secunia Advisory ID:25859](https://secuniaresearch.flexerasoftware.com/advisories/25859/)\n[Secunia Advisory ID:26463](https://secuniaresearch.flexerasoftware.com/advisories/26463/)\nRedHat RHSA: RHSA-2007:0605\nRedHat RHSA: RHSA-2007:0841\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200709-05.xml\nOther Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547\nISS X-Force ID: 35088\nFrSIRT Advisory: ADV-2007-2339\n[CVE-2007-3410](https://vulners.com/cve/CVE-2007-3410)\nCERT VU: 770904\nBugtraq ID: 24658\n", "edition": 1, "reporter": "OSVDB", "published": "2007-06-26T14:49:19", "title": "RealPlayer/Helix Player smlprstime.cpp SmilTimeValue::parseWallClockValue Function SMIL File Handling Overflow", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-3410"], "modified": "2007-06-26T14:49:19", "href": "https://vulners.com/osvdb/OSVDB:37374", "id": "OSVDB:37374", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:44:42", "references": ["https://oss.oracle.com/pipermail/el-errata/2007-June/000254.html"], "pluginID": "67538", "description": "From Red Hat Security Advisory 2007:0605 :\n\nAn updated HelixPlayer package that fixes a buffer overflow flaw is now available.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nHelixPlayer is a media player.\n\nA buffer overflow flaw was found in the way HelixPlayer processed Synchronized Multimedia Integration Language (SMIL) files. It was possible for a malformed SMIL file to execute arbitrary code with the permissions of the user running HelixPlayer. (CVE-2007-3410)\n\nAll users of HelixPlayer are advised to upgrade to this updated package, which contains a backported patch and is not vulnerable to this issue.", "edition": 5, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : HelixPlayer (ELSA-2007-0605)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3410"], "modified": "2018-08-13T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:HelixPlayer", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2007-0605.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67538", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:0605 and \n# Oracle Linux Security Advisory ELSA-2007-0605 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67538);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/08/13 14:32:36\");\n\n script_cve_id(\"CVE-2007-3410\");\n script_xref(name:\"RHSA\", value:\"2007:0605\");\n\n script_name(english:\"Oracle Linux 4 : HelixPlayer (ELSA-2007-0605)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:0605 :\n\nAn updated HelixPlayer package that fixes a buffer overflow flaw is\nnow available.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nHelixPlayer is a media player.\n\nA buffer overflow flaw was found in the way HelixPlayer processed\nSynchronized Multimedia Integration Language (SMIL) files. It was\npossible for a malformed SMIL file to execute arbitrary code with the\npermissions of the user running HelixPlayer. (CVE-2007-3410)\n\nAll users of HelixPlayer are advised to upgrade to this updated\npackage, which contains a backported patch and is not vulnerable to\nthis issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-June/000254.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected helixplayer package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:HelixPlayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"HelixPlayer-1.0.6-0.EL4.2.0.2\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"HelixPlayer-1.0.6-0.EL4.2.0.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"HelixPlayer\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:01:48", "references": ["http://www.nessus.org/u?e4b54f98", "http://www.nessus.org/u?0affccca"], "pluginID": "27679", "description": "A buffer overflow flaw was discovered in the way RealPlayer and HelixPlayer handle the wallclock variable in Synchronized Multimedia Integration Language (SMIL) files.\n\nMore information regarding this flaw can be found here:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=5 47\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2007-11-06T00:00:00", "title": "Fedora 7 : HelixPlayer-1.0.7-6.fc7 (2007-0756)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3410"], "modified": "2015-10-21T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:HelixPlayer-plugin", "p-cpe:/a:fedoraproject:fedora:HelixPlayer-debuginfo", "p-cpe:/a:fedoraproject:fedora:HelixPlayer"], "id": "FEDORA_2007-0756.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=27679", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-0756.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27679);\n script_version (\"$Revision: 1.22 $\");\n script_cvs_date(\"$Date: 2015/10/21 21:46:28 $\");\n\n script_cve_id(\"CVE-2007-3410\");\n script_xref(name:\"FEDORA\", value:\"2007-0756\");\n\n script_name(english:\"Fedora 7 : HelixPlayer-1.0.7-6.fc7 (2007-0756)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow flaw was discovered in the way RealPlayer and\nHelixPlayer handle the wallclock variable in Synchronized Multimedia\nIntegration Language (SMIL) files.\n\nMore information regarding this flaw can be found here:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=5\n47\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0affccca\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-June/002450.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e4b54f98\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected HelixPlayer, HelixPlayer-debuginfo and / or\nHelixPlayer-plugin packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:HelixPlayer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:HelixPlayer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:HelixPlayer-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"HelixPlayer-1.0.7-6.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"HelixPlayer-debuginfo-1.0.7-6.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"HelixPlayer-plugin-1.0.7-6.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"HelixPlayer / HelixPlayer-debuginfo / HelixPlayer-plugin\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:08:41", "references": ["http://www.nessus.org/u?3e6b8b19", "http://www.nessus.org/u?ce655a86"], "pluginID": "25614", "description": "An updated HelixPlayer package that fixes a buffer overflow flaw is now available.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nHelixPlayer is a media player.\n\nA buffer overflow flaw was found in the way HelixPlayer processed Synchronized Multimedia Integration Language (SMIL) files. It was possible for a malformed SMIL file to execute arbitrary code with the permissions of the user running HelixPlayer. (CVE-2007-3410)\n\nAll users of HelixPlayer are advised to upgrade to this updated package, which contains a backported patch and is not vulnerable to this issue.", "edition": 5, "reporter": "Tenable", "published": "2007-06-29T00:00:00", "title": "CentOS 4 : HelixPlayer (CESA-2007:0605)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3410"], "modified": "2018-08-09T00:00:00", "cpe": ["cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:HelixPlayer"], "id": "CENTOS_RHSA-2007-0605.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=25614", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0605 and \n# CentOS Errata and Security Advisory 2007:0605 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25614);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/08/09 17:06:35\");\n\n script_cve_id(\"CVE-2007-3410\");\n script_xref(name:\"RHSA\", value:\"2007:0605\");\n\n script_name(english:\"CentOS 4 : HelixPlayer (CESA-2007:0605)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated HelixPlayer package that fixes a buffer overflow flaw is\nnow available.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nHelixPlayer is a media player.\n\nA buffer overflow flaw was found in the way HelixPlayer processed\nSynchronized Multimedia Integration Language (SMIL) files. It was\npossible for a malformed SMIL file to execute arbitrary code with the\npermissions of the user running HelixPlayer. (CVE-2007-3410)\n\nAll users of HelixPlayer are advised to upgrade to this updated\npackage, which contains a backported patch and is not vulnerable to\nthis issue.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2007-June/013994.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3e6b8b19\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2007-June/013995.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ce655a86\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected helixplayer package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:HelixPlayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/06/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"HelixPlayer-1.0.6-0.EL4.2.0.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"HelixPlayer-1.0.6-0.EL4.2.0.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:40:33", "references": ["http://rhn.redhat.com/errata/RHSA-2007-0605.html", "https://www.redhat.com/security/data/cve/CVE-2007-3410.html"], "pluginID": "25624", "description": "An updated HelixPlayer package that fixes a buffer overflow flaw is now available.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nHelixPlayer is a media player.\n\nA buffer overflow flaw was found in the way HelixPlayer processed Synchronized Multimedia Integration Language (SMIL) files. It was possible for a malformed SMIL file to execute arbitrary code with the permissions of the user running HelixPlayer. (CVE-2007-3410)\n\nAll users of HelixPlayer are advised to upgrade to this updated package, which contains a backported patch and is not vulnerable to this issue.", "edition": 6, "reporter": "Tenable", "published": "2007-06-29T00:00:00", "title": "RHEL 4 : HelixPlayer (RHSA-2007:0605)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3410"], "modified": "2018-08-13T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:HelixPlayer", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.5"], "id": "REDHAT-RHSA-2007-0605.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=25624", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0605. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25624);\n script_version (\"1.30\");\n script_cvs_date(\"Date: 2018/08/13 14:32:37\");\n\n script_cve_id(\"CVE-2007-3410\");\n script_xref(name:\"RHSA\", value:\"2007:0605\");\n\n script_name(english:\"RHEL 4 : HelixPlayer (RHSA-2007:0605)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated HelixPlayer package that fixes a buffer overflow flaw is\nnow available.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nHelixPlayer is a media player.\n\nA buffer overflow flaw was found in the way HelixPlayer processed\nSynchronized Multimedia Integration Language (SMIL) files. It was\npossible for a malformed SMIL file to execute arbitrary code with the\npermissions of the user running HelixPlayer. (CVE-2007-3410)\n\nAll users of HelixPlayer are advised to upgrade to this updated\npackage, which contains a backported patch and is not vulnerable to\nthis issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-3410.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2007-0605.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected HelixPlayer package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:HelixPlayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/06/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0605\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"HelixPlayer-1.0.6-0.EL4.2.0.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"HelixPlayer\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:38:54", "references": ["https://security.gentoo.org/glsa/200709-05"], "pluginID": "26095", "description": "The remote host is affected by the vulnerability described in GLSA-200709-05 (RealPlayer: Buffer overflow)\n\n A stack-based buffer overflow vulnerability has been reported in the SmilTimeValue::parseWallClockValue() function in smlprstime.cpp when handling HH:mm:ss.f type time formats.\n Impact :\n\n By enticing a user to open a specially crafted SMIL (Synchronized Multimedia Integration Language) file, an attacker could be able to execute arbitrary code with the privileges of the user running the application.\n Workaround :\n\n There is no known workaround at this time.", "edition": 5, "reporter": "Tenable", "published": "2007-09-24T00:00:00", "title": "GLSA-200709-05 : RealPlayer: Buffer overflow", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3410"], "modified": "2018-08-10T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:realplayer", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200709-05.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=26095", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200709-05.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(26095);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/08/10 18:07:06\");\n\n script_cve_id(\"CVE-2007-3410\");\n script_xref(name:\"GLSA\", value:\"200709-05\");\n\n script_name(english:\"GLSA-200709-05 : RealPlayer: Buffer overflow\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200709-05\n(RealPlayer: Buffer overflow)\n\n A stack-based buffer overflow vulnerability has been reported in the\n SmilTimeValue::parseWallClockValue() function in smlprstime.cpp when\n handling HH:mm:ss.f type time formats.\n \nImpact :\n\n By enticing a user to open a specially crafted SMIL (Synchronized\n Multimedia Integration Language) file, an attacker could be able to\n execute arbitrary code with the privileges of the user running the\n application.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200709-05\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All RealPlayer users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/realplayer-10.0.9'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:realplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/09/24\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-video/realplayer\", unaffected:make_list(\"ge 10.0.9\"), vulnerable:make_list(\"lt 10.0.9\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"RealPlayer\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:47:14", "references": ["http://www.securityfocus.com/archive/1/472295/30/0/threaded", "http://www.nessus.org/u?73f95fcd"], "pluginID": "25573", "description": "According to its build number, the installed version of RealPlayer on the remote Windows host contains a stack-based buffer overflow that can be triggered by a specially crafted SMIL file, perhaps accessed over the web using the CLSID 'CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA'.\nA remote attacker may be able to exploit this issue to execute arbitrary code subject to the user's privileges on the affected host.", "edition": 5, "reporter": "Tenable", "published": "2007-06-27T00:00:00", "title": "RealPlayer for Windows < Build 6.0.12.1578 Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3410"], "modified": "2018-07-25T00:00:00", "cpe": ["cpe:/a:realnetworks:realplayer"], "id": "REALPLAYER_6_0_12_1578.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=25573", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25573);\n script_version(\"1.22\");\n\n script_cve_id(\"CVE-2007-3410\");\n script_bugtraq_id(24658);\n\n script_name(english:\"RealPlayer for Windows < Build 6.0.12.1578 Multiple Vulnerabilities\");\n script_summary(english:\"Checks RealPlayer build number\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows application is affected by a buffer overflow\nvulnerability.\" );\n script_set_attribute(attribute:\"description\", value:\n\"According to its build number, the installed version of RealPlayer on\nthe remote Windows host contains a stack-based buffer overflow that\ncan be triggered by a specially crafted SMIL file, perhaps accessed\nover the web using the CLSID 'CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA'.\nA remote attacker may be able to exploit this issue to execute\narbitrary code subject to the user's privileges on the affected host.\" );\n # http://www.verisigninc.com/en_US/cyber-security/security-intelligence/vulnerability-reports/articles/index.xhtml?id=547\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?73f95fcd\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/472295/30/0/threaded\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrading to the latest version of the product supposedly resolves the\nissue, although the vendor has not confirmed that.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/06/27\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2007/06/26\");\n script_cvs_date(\"Date: 2018/07/25 18:58:06\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:realnetworks:realplayer\");\nscript_end_attributes();\n\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"realplayer_detect.nasl\");\n script_require_keys(\"SMB/RealPlayer/Product\", \"SMB/RealPlayer/Build\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\n\n\n# nb: there's no information regarding whether RealOne Player \n# or RealPlayer Enterprise are also affected.\nprod = get_kb_item(\"SMB/RealPlayer/Product\");\nif (!prod || prod != \"RealPlayer\") exit(0);\n\n\n# There's a problem if the build is before 6.0.12.1578.\nbuild = get_kb_item(\"SMB/RealPlayer/Build\");\nif (!build) exit(0);\n\nver = split(build, sep:'.', keep:FALSE);\nif (\n int(ver[0]) < 6 ||\n (\n int(ver[0]) == 6 &&\n int(ver[1]) == 0 && \n (\n int(ver[2]) < 12 ||\n (int(ver[2]) == 12 && int(ver[3]) < 1578)\n )\n )\n)\n{\n if (report_verbosity)\n {\n report = string(\n \"\\n\",\n prod, \" build \", build, \" is installed on the remote host.\\n\"\n );\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:40:33", "references": ["http://www.zerodayinitiative.com/advisories/ZDI-07-062.html", "http://www.zerodayinitiative.com/advisories/ZDI-07-061.html", "http://www.zerodayinitiative.com/advisories/ZDI-07-063.html", "http://service.real.com/realplayer/security/10252007_player/en/", "http://www.nessus.org/u?21866adf"], "pluginID": "29866", "description": "Secunia reports :\n\nMultiple vulnerabilities have been reported in RealPlayer/RealOne/HelixPlayer, which can be exploited by malicious people to compromise a user's system.\n\nAn input validation error when processing .RA/.RAM files can be exploited to cause a heap corruption via a specially crafted .RA/.RAM file with an overly large size field in the header.\n\nAn error in the processing of .PLS files can be exploited to cause a memory corruption and execute arbitrary code via a specially crafted .PLS file.\n\nAn input validation error when parsing .SWF files can be exploited to cause a buffer overflow via a specially crafted .SWF file with malformed record headers.\n\nA boundary error when processing rm files can be exploited to cause a buffer overflow.", "edition": 4, "reporter": "Tenable", "published": "2008-01-07T00:00:00", "title": "FreeBSD : linux-realplayer -- multiple vulnerabilities (f762ccbb-baed-11dc-a302-000102cc8983)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2264", "CVE-2007-2263", "CVE-2007-5081", "CVE-2007-3410"], "modified": "2015-01-15T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-realplayer", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_F762CCBBBAED11DCA302000102CC8983.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29866", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2013 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29866);\n script_version(\"$Revision: 1.18 $\");\n script_cvs_date(\"$Date: 2015/01/15 16:37:16 $\");\n\n script_cve_id(\"CVE-2007-2263\", \"CVE-2007-2264\", \"CVE-2007-3410\", \"CVE-2007-5081\");\n script_xref(name:\"CERT\", value:\"759385\");\n script_xref(name:\"Secunia\", value:\"25819\");\n script_xref(name:\"Secunia\", value:\"27361\");\n\n script_name(english:\"FreeBSD : linux-realplayer -- multiple vulnerabilities (f762ccbb-baed-11dc-a302-000102cc8983)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia reports :\n\nMultiple vulnerabilities have been reported in\nRealPlayer/RealOne/HelixPlayer, which can be exploited by malicious\npeople to compromise a user's system.\n\nAn input validation error when processing .RA/.RAM files can be\nexploited to cause a heap corruption via a specially crafted .RA/.RAM\nfile with an overly large size field in the header.\n\nAn error in the processing of .PLS files can be exploited to cause a\nmemory corruption and execute arbitrary code via a specially crafted\n.PLS file.\n\nAn input validation error when parsing .SWF files can be exploited to\ncause a buffer overflow via a specially crafted .SWF file with\nmalformed record headers.\n\nA boundary error when processing rm files can be exploited to cause a\nbuffer overflow.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://service.real.com/realplayer/security/10252007_player/en/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.zerodayinitiative.com/advisories/ZDI-07-063.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.zerodayinitiative.com/advisories/ZDI-07-062.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.zerodayinitiative.com/advisories/ZDI-07-061.html\"\n );\n # http://www.freebsd.org/ports/portaudit/f762ccbb-baed-11dc-a302-000102cc8983.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?21866adf\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-realplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-realplayer>=10.0.5<10.0.9.809.20070726\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:34:08", "references": ["https://www.redhat.com/security/data/cve/CVE-2007-2263.html", "http://rhn.redhat.com/errata/RHSA-2007-0841.html", "https://www.redhat.com/security/data/cve/CVE-2007-3410.html", "https://www.redhat.com/security/data/cve/CVE-2007-5081.html", "https://www.redhat.com/security/data/cve/CVE-2007-2264.html"], "pluginID": "40707", "description": "An updated RealPlayer package that fixes a security flaw is now available for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nRealPlayer is a media player that provides media playback locally and via streaming.\n\nA buffer overflow flaw was found in the way RealPlayer processed Synchronized Multimedia Integration Language (SMIL) files. It was possible for a malformed SMIL file to execute arbitrary code with the permissions of the user running RealPlayer. (CVE-2007-3410)\n\nAll users of RealPlayer are advised to upgrade to this updated package containing RealPlayer version 10.0.9 which is not vulnerable to this issue.", "edition": 6, "reporter": "Tenable", "published": "2009-08-24T00:00:00", "title": "RHEL 3 / 4 / 5 : RealPlayer (RHSA-2007:0841)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2264", "CVE-2007-2263", "CVE-2007-5081", "CVE-2007-3410"], "modified": "2018-08-13T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:realplayer", "p-cpe:/a:redhat:enterprise_linux:RealPlayer"], "id": "REDHAT-RHSA-2007-0841.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40707", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0841. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40707);\n script_version (\"1.27\");\n script_cvs_date(\"Date: 2018/08/13 14:32:37\");\n\n script_cve_id(\"CVE-2007-2263\", \"CVE-2007-2264\", \"CVE-2007-3410\", \"CVE-2007-5081\");\n script_xref(name:\"RHSA\", value:\"2007:0841\");\n\n script_name(english:\"RHEL 3 / 4 / 5 : RealPlayer (RHSA-2007:0841)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated RealPlayer package that fixes a security flaw is now\navailable for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nRealPlayer is a media player that provides media playback locally and\nvia streaming.\n\nA buffer overflow flaw was found in the way RealPlayer processed\nSynchronized Multimedia Integration Language (SMIL) files. It was\npossible for a malformed SMIL file to execute arbitrary code with the\npermissions of the user running RealPlayer. (CVE-2007-3410)\n\nAll users of RealPlayer are advised to upgrade to this updated package\ncontaining RealPlayer version 10.0.9 which is not vulnerable to this\nissue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-2263.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-2264.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-3410.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-5081.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2007-0841.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected RealPlayer and / or realplayer packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:RealPlayer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:realplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0841\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"realplayer-10.0.9-0.rhel3.4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"RealPlayer-10.0.9-2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"RealPlayer-10.0.9-3.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"RealPlayer / realplayer\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:43:54", "references": ["http://seclists.org/fulldisclosure/2007/Oct/925", "http://www.securityfocus.com/archive/1/482856/30/0/threaded", "http://service.real.com/realplayer/security/10252007_player/en/", "http://seclists.org/fulldisclosure/2007/Oct/922", "http://seclists.org/fulldisclosure/2007/Oct/924", "http://www.securityfocus.com/archive/1/482855/30/0/threaded", "http://www.securityfocus.com/archive/1/482942/30/0/threaded"], "pluginID": "27591", "description": "According to its build number, the installed version of RealPlayer / RealOne Player / RealPlayer Enterprise on the remote Windows host suffers from several buffer overflows involving specially crafted media files (eg, '.mp3', '.rm', '.SMIL', '.swf', '.ram', and '.pls'). If an attacker can trick a user on the affected system into opening such a file or browsing to a specially crafted web page, he may be able to exploit one of these issues to execute arbitrary code subject to the user's privileges on the affected host.", "edition": 7, "reporter": "Tenable", "published": "2007-10-30T00:00:00", "title": "RealPlayer for Windows < Build 6.0.12.1662 Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4599", "CVE-2007-2264", "CVE-2007-2263", "CVE-2007-5081", "CVE-2007-3410", "CVE-2007-5080"], "modified": "2018-07-25T00:00:00", "cpe": ["cpe:/a:realnetworks:realplayer"], "id": "REALPLAYER_6_0_12_1662.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=27591", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27591);\n script_version(\"1.20\");\n\n script_cve_id(\"CVE-2007-2263\", \"CVE-2007-2264\", \"CVE-2007-3410\",\n \"CVE-2007-4599\", \"CVE-2007-5080\", \"CVE-2007-5081\");\n script_bugtraq_id(24658, 26214, 26284);\n\n script_name(english:\"RealPlayer for Windows < Build 6.0.12.1662 Multiple Vulnerabilities\");\n script_summary(english:\"Checks RealPlayer build number\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows application is affected by several buffer overflow\nvulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"According to its build number, the installed version of RealPlayer /\nRealOne Player / RealPlayer Enterprise on the remote Windows host\nsuffers from several buffer overflows involving specially crafted\nmedia files (eg, '.mp3', '.rm', '.SMIL', '.swf', '.ram', and '.pls'). \nIf an attacker can trick a user on the affected system into opening\nsuch a file or browsing to a specially crafted web page, he may be\nable to exploit one of these issues to execute arbitrary code subject\nto the user's privileges on the affected host.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/482855/30/0/threaded\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/482856/30/0/threaded\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/482942/30/0/threaded\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/fulldisclosure/2007/Oct/922\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/fulldisclosure/2007/Oct/924\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/fulldisclosure/2007/Oct/925\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://service.real.com/realplayer/security/10252007_player/en/\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to RealPlayer 10.5 build 6.0.12.1662 / RealPlayer Enterprise\nbuild 6.0.11.2160 or later. \n\nNote that the vendor's advisory states that build numbers for\nRealPlayer 10.5 are not sequential.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119, 189);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/10/30\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2007/06/26\");\n script_cvs_date(\"Date: 2018/07/25 18:58:06\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2007/10/05\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:realnetworks:realplayer\");\nscript_end_attributes();\n\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"realplayer_detect.nasl\");\n script_require_keys(\"SMB/RealPlayer/Product\", \"SMB/RealPlayer/Build\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\n\n\nprod = get_kb_item(\"SMB/RealPlayer/Product\");\nif (!prod) exit(0);\n\n\nbuild = get_kb_item(\"SMB/RealPlayer/Build\");\nif (!build) exit(0);\n\nver = split(build, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n\nvuln = FALSE;\nif (\"RealPlayer\" == prod)\n{\n # nb: build numbers ARE NOT NECESSARILY SEQUENTIAL!\n if (\n ver[0] < 6 ||\n (\n ver[0] == 6 && ver[1] == 0 && \n (\n ver[2] < 12 ||\n (\n ver[2] == 12 && \n (\n ver[3] <= 1578 ||\n ver[3] == 1698 ||\n ver[3] == 1741\n )\n )\n )\n )\n ) vuln = TRUE;\n}\nelse if (\"RealPlayer Enterprise\" == prod)\n{\n # Fix is 6.0.11.2160 per \n # <http://service.real.com/realplayer/security/security/enterprise_102507.html>.\n if (\n ver[0] < 6 ||\n (\n ver[0] == 6 && ver[1] == 0 && \n (\n ver[2] < 11 ||\n (ver[2] == 11 && ver[3] < 2160)\n )\n )\n ) vuln = TRUE;\n}\nelse if (\"RealOne Player\" == prod)\n{\n vuln = TRUE;\n}\n\n\nif (vuln)\n{\n if (report_verbosity)\n {\n report = string(\n \"\\n\",\n prod, \" build \", build, \" is installed on the remote host.\\n\"\n );\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "d2": [{"lastseen": "2016-09-25T14:11:07", "references": [], "description": "**Name**| d2sec_real_wallclock \n---|--- \n**CVE**| CVE-2007-3410 \n**Exploit Pack**| [D2ExploitPack](<http://http://www.d2sec.com/products.htm>) \n**Description**| RealPlayer ParseWallClockValue Stack Overflow Vulnerability \n**Notes**| \n", "edition": 1, "reporter": "DSquare", "published": "2007-06-26T18:30:00", "title": "DSquare Exploit Pack: D2SEC_REAL_WALLCLOCK", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "d2", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-3410"], "modified": "2007-06-26T18:30:00", "id": "D2SEC_REAL_WALLCLOCK", "href": "http://exploitlist.immunityinc.com/home/exploitpack/D2ExploitPack/d2sec_real_wallclock", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-12T14:44:51", "references": ["https://rhn.redhat.com/errata/RHSA-2007-0605.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.6-0.EL4.2.0.2", "packageFilename": "HelixPlayer-1.0.6-0.EL4.2.0.2.src.rpm", "packageName": "HelixPlayer", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.6-0.EL4.2.0.2", "packageFilename": "HelixPlayer-1.0.6-0.EL4.2.0.2.src.rpm", "packageName": "HelixPlayer", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.6-0.EL4.2.0.2", "packageFilename": "HelixPlayer-1.0.6-0.EL4.2.0.2.i386.rpm", "packageName": "HelixPlayer", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.0.6-0.EL4.2.0.2", "packageFilename": "HelixPlayer-1.0.6-0.EL4.2.0.2.i386.rpm", "packageName": "HelixPlayer", "arch": "i386", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2007:0605\n\n\nHelixPlayer is a media player.\r\n\r\nA buffer overflow flaw was found in the way HelixPlayer processed\r\nSynchronized Multimedia Integration Language (SMIL) files. It was possible\r\nfor a malformed SMIL file to execute arbitrary code with the permissions of\r\nthe user running HelixPlayer. (CVE-2007-3410)\r\n\r\nAll users of HelixPlayer are advised to upgrade to this updated package,\r\nwhich contains a backported patch and is not vulnerable to this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013994.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013995.html\n\n**Affected packages:**\nHelixPlayer\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0605.html", "edition": 2, "reporter": "CentOS Project", "published": "2007-06-28T09:45:28", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "HelixPlayer security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3410"], "modified": "2007-06-28T09:45:34", "href": "http://lists.centos.org/pipermail/centos-announce/2007-June/013994.html", "id": "CESA-2007:0605", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:26", "references": ["https://vulners.com/securityvulns/securityvulns:doc:17365"], "description": "Buffer overflow on SMIL2 format time parsing.", "edition": 1, "reporter": "BUGTRAQ", "published": "2007-06-27T00:00:00", "title": "RealPlayer / HelixPlayer buffer overflow", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:26", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "RealPlayer", "version": "10.5", "operator": "eq"}, {"name": "HelixPlayer", "version": "10.5", "operator": "eq"}], "cvelist": ["CVE-2007-3410"], "modified": "2007-06-27T00:00:00", "id": "SECURITYVULNS:VULN:7856", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7856", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:22", "references": [], "description": "RealNetworks RealPlayer/HelixPlayer SMIL wallclock Stack Overflow\r\nVulnerability\r\n\r\niDefense Security Advisory 06.26.07\r\nhttp://labs.idefense.com/intelligence/vulnerabilities/\r\nJun 26, 2007\r\n\r\nI. BACKGROUND\r\n\r\nRealPlayer is an application for playing various media formats,\r\ndeveloped by RealNetworks Inc. HelixPlayer is the open source version\r\nof RealPlayer. More information can be found at the URLs shown below.\r\n\r\nhttp://www.real.com/realplayer.html\r\nhttp://helixcommunity.org/\r\n\r\nSynchronized Multimedia Integration Language &#40;SMIL&#41; is a markup language\r\nused to specify the use of several multi-media concepts when rendering\r\nmedia. Some such concepts are timing, transitions, and embedding. More\r\ninformation is available from WikiPedia at the following URL.\r\n\r\nhttp://en.wikipedia.org/wiki/Synchronized_Multimedia_Integration_Language\r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of a buffer overflow within RealNetworks&#39; RealPlayer\r\nand HelixPlayer allows attackers to execute arbitrary code in the context\r\nof the user.\r\n\r\nThe issue specifically exists in the handling of HH:mm:ss.f time formats\r\nby the &#39;wallclock&#39; functionality within the code supporting SMIL2. An\r\nexcerpt from the code follows.\r\n\r\n 924 HX_RESULT\r\n 925 SmilTimeValue::parseWallClockValue&#40;REF&#40;const char*&#41; pCh&#41;\r\n 926 {\r\n ...\r\n 957 char buf[10]; /* Flawfinder: ignore */\r\n ...\r\n 962 while &#40;*pCh&#41;\r\n 963 {\r\n ...\r\n 972 else if &#40;isspace&#40;*pCh&#41; || *pCh == &#39;+&#39; || *pCh == &#39;-&#39;\r\n|| *pCh == &#39;Z&#39;&#41;\r\n 973 {\r\n 974 // this will find the last +, - or Z... which is\r\nwhat we want.\r\n 975 pTimeZone = pCh;\r\n 976 }\r\n ...\r\n 982 ++pCh;\r\n 983 }\r\n ...\r\n 1101 if &#40;pTimePos&#41;\r\n 1102 {\r\n 1103 //HH:MM...\r\n ....\r\n 1133 if &#40;*&#40;pos-1&#41; == &#39;:&#39;&#41;\r\n 1134 {\r\n ....\r\n 1148 if &#40;*&#40;pos-1&#41; == &#39;.&#39;&#41;\r\n 1149 {\r\n 1150 // find end.\r\n 1151 UINT32 len = 0;\r\n 1152 if &#40;pTimeZone&#41;\r\n 1153 {\r\n 1154 len = pTimeZone - pos;\r\n 1155 }\r\n 1156 else\r\n 1157 {\r\n 1158 len = end - pos;\r\n 1159 }\r\n 1160 strncpy&#40;buf, pos, len&#41;; /* Flawfinder: ignore */\r\n\r\nThe stack buffer is declared to be 10 bytes on line 957. You can see\r\nthat it has a comment which will cause the FlawFinder program to ignore\r\nthis buffer.\r\n\r\nThe loop, which begins on line 962, runs through the parameter to the\r\nfunction looking for characters that denote different sections of the\r\ntime format. When it encounters white space, or the +, -, or Z\r\ncharacters it will record the location for later use. If a time was\r\nlocated and it contains both a colon and a period the vulnerable code\r\nwill be reached.\r\n\r\nThe length of data to copy into the stack buffer is calculated either on\r\nline 1154 or line 1158 depending on whether or not a timezone is present.\r\nNeither calculations take into consideration the constant length of the\r\n&#39;buf&#39; buffer and therefore a stack-based buffer overflow can occur on\r\nline 1160. Again, notice that this unsafe use of strncpy&#40;&#41; is also\r\nmarked with a FlawFinder ignore comment.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation requires that an attacker persuade a user to supply\r\nRealPlayer or HelixPlayer with a maliciously crafted SMIL file. For\r\nexample, this can be accomplished by convincing them to visit a\r\nmalicious web page.\r\n\r\nThe data that is used to overflow the buffer is quite limited in the\r\nrange of characters that are allowed. However, given the ease of\r\naddress space manipulation within web browsers, exploitation is not\r\nsubstantially impacted by this limitation.\r\n\r\nThe RealPlayer plug-in can be referenced within a web browser by using\r\nCFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA CLSID.\r\n\r\nIV. DETECTION\r\n\r\niDefense has confirmed the existence of this vulnerability in version\r\n10.5-GOLD of RealNetworks&#39; RealPlayer and HelixPlayer. Confirmation of\r\nthe existence this vulnerability within HelixPlayer was done via source\r\ncode review. Older versions are assumed to be vulnerable.\r\n\r\nV. WORKAROUND\r\n\r\nFor Windows systems, setting the kill-bit for the associated CLSID,\r\ndespite greatly reducing the media player&#39;s functionality, will\r\nmitigate exploitation. It should be noted that the CLSID listed may not\r\nbe the only CLSID allowing access to the vulnerable code.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nRealNetworks has addressed this vulnerability by releasing fixed\r\nversions of their software.\r\n\r\nRealNetworks has not provided iDefense with any links referring to\r\nupdated packages or advisories. Installing the latest version from\r\ntheir web site will address the vulnerability.\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures &#40;CVE&#41; project has assigned the\r\nname CVE-2007-3410 to this issue. This is a candidate for inclusion in\r\nthe CVE list &#40;http://cve.mitre.org/&#41;, which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n10/02/2006 Initial vendor notification\r\n10/03/2006 Initial vendor response\r\n06/26/2007 Public disclosure\r\n\r\nIX. CREDIT\r\n\r\nThe discoverer of this vulnerability wishes to remain anonymous.\r\n\r\nGet paid for vulnerability research\r\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com/\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright \u00a9 2007 iDefense, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically,\r\nplease e-mail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\n There are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct,\r\nindirect, or consequential loss or damage arising from use of, or\r\nreliance on, this information.", "edition": 1, "reporter": "Securityvulns", "published": "2007-06-27T00:00:00", "title": "iDefense Security Advisory 06.26.07: RealNetworks RealPlayer/HelixPlayer SMIL wallclock Stack Overflow Vulnerability", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:22", "vector": "NONE", "value": 6.8}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-3410"], "modified": "2007-06-27T00:00:00", "id": "SECURITYVULNS:DOC:17365", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:17365", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-01-31T20:11:49", "osvdbidlist": ["37374"], "references": [], "description": "RealNetworks RealPlayer/HelixPlayer SMIL wallclock Stack Overflow PoC. CVE-2007-3410. Dos exploit for windows platform", "edition": 1, "reporter": "axis", "published": "2007-06-27T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "exploitdb", "title": "RealNetworks RealPlayer/HelixPlayer SMIL wallclock Stack Overflow PoC", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-3410"], "modified": "2007-06-27T00:00:00", "id": "EDB-ID:4118", "href": "https://www.exploit-db.com/exploits/4118/", "sourceData": "<!--\nauthor:\taxis\nsite: http://www.ph4nt0m.org\n-->\n\n<smil xmlns=\"http://www.w3.org/2000/SMIL20/CR/Language\">\n <body>\n <par>\n <img src=\"./1.jpg\" begin=\"wallclock(12:00:00.999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999+9)\" dur=\"5s\"/>\n </par>\n </body>\n</smil>\n\n# milw0rm.com [2007-06-27]\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/4118/"}], "redhat": [{"lastseen": "2017-09-09T07:20:04", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.6-0.EL4.2.0.2", "packageName": "HelixPlayer", "packageFilename": "HelixPlayer-1.0.6-0.EL4.2.0.2.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.6-0.EL4.2.0.2", "packageName": "HelixPlayer", "packageFilename": "HelixPlayer-1.0.6-0.EL4.2.0.2.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0.6-0.EL4.2.0.2", "packageName": "HelixPlayer", "packageFilename": "HelixPlayer-1.0.6-0.EL4.2.0.2.src.rpm", "arch": "src", "operator": "lt"}], "description": "HelixPlayer is a media player.\r\n\r\nA buffer overflow flaw was found in the way HelixPlayer processed\r\nSynchronized Multimedia Integration Language (SMIL) files. It was possible\r\nfor a malformed SMIL file to execute arbitrary code with the permissions of\r\nthe user running HelixPlayer. (CVE-2007-3410)\r\n\r\nAll users of HelixPlayer are advised to upgrade to this updated package,\r\nwhich contains a backported patch and is not vulnerable to this issue.", "reporter": "RedHat", "published": "2007-06-27T04:00:00", "type": "redhat", "title": "(RHSA-2007:0605) Critical: HelixPlayer security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-3410"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:19:36", "id": "RHSA-2007:0605", "href": "https://access.redhat.com/errata/RHSA-2007:0605", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-05-27T21:41:57", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "10.0.9-3.el5", "arch": "i386", "packageName": "RealPlayer", "packageFilename": "RealPlayer-10.0.9-3.el5.i386.rpm", "operator": "lt"}], "description": "RealPlayer is a media player that provides media playback locally and via\r\nstreaming.\r\n\r\nA buffer overflow flaw was found in the way RealPlayer processed\r\nSynchronized Multimedia Integration Language (SMIL) files. It was possible\r\nfor a malformed SMIL file to execute arbitrary code with the permissions of\r\nthe user running RealPlayer. (CVE-2007-3410)\r\n\r\nAll users of RealPlayer are advised to upgrade to this updated package\r\ncontaining RealPlayer version 10.0.9 which is not vulnerable to this issue.", "reporter": "RedHat", "published": "2007-08-17T04:00:00", "type": "redhat", "title": "(RHSA-2007:0841) Critical: RealPlayer security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-2263", "CVE-2007-2264", "CVE-2007-3410", "CVE-2007-5081"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-05-26T04:26:19", "id": "RHSA-2007:0841", "href": "https://access.redhat.com/errata/RHSA-2007:0841", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:01", "references": ["https://bugs.gentoo.org/show_bug.cgi?id=183421", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3410"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "10.0.9", "packageName": "media-video/realplayer", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}], "description": "### Background\n\nRealPlayer is a multimedia player capable of handling multiple multimedia file formats. \n\n### Description\n\nA stack-based buffer overflow vulnerability has been reported in the SmilTimeValue::parseWallClockValue() function in smlprstime.cpp when handling HH:mm:ss.f type time formats. \n\n### Impact\n\nBy enticing a user to open a specially crafted SMIL (Synchronized Multimedia Integration Language) file, an attacker could be able to execute arbitrary code with the privileges of the user running the application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll RealPlayer users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-video/realplayer-10.0.9\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2007-09-14T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "gentoo", "title": "RealPlayer: Buffer overflow", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3410"], "modified": "2007-09-14T00:00:00", "id": "GLSA-200709-05", "href": "https://security.gentoo.org/glsa/200709-05", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:02", "references": [], "pluginID": "58602", "description": "The remote host is missing updates announced in\nadvisory GLSA 200709-05.", "edition": 2, "reporter": "Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-24T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Gentoo Security Advisory GLSA 200709-05 (realplayer)", "type": "openvas", "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3410"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=58602", "id": "OPENVAS:58602", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"RealPlayer is vulnerable to a buffer overflow allowing for execution of\narbitrary code.\";\ntag_solution = \"All RealPlayer users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/realplayer-10.0.9'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200709-05\nhttp://bugs.gentoo.org/show_bug.cgi?id=183421\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200709-05.\";\n\n \n\nif(description)\n{\n script_id(58602);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-3410\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200709-05 (realplayer)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-video/realplayer\", unaffected: make_list(\"ge 10.0.9\"), vulnerable: make_list(\"lt 10.0.9\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:06", "references": ["2007-0756", "https://www.redhat.com/archives/fedora-package-announce/2007-June/msg00666.html"], "pluginID": "861058", "description": "Check for the Version of HelixPlayer", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-02-27T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for HelixPlayer FEDORA-2007-0756", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3410"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861058", "id": "OPENVAS:861058", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for HelixPlayer FEDORA-2007-0756\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"HelixPlayer on Fedora 7\";\ntag_insight = \"Helix Player is an open-source media player built in the Helix\n Community for consumers. Built using GTK, it plays open source formats,\n like Ogg Vorbis and Theora using the powerful Helix DNA Client Media\n Engine.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-June/msg00666.html\");\n script_id(861058);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-0756\");\n script_cve_id(\"CVE-2007-3410\");\n script_name( \"Fedora Update for HelixPlayer FEDORA-2007-0756\");\n\n script_summary(\"Check for the Version of HelixPlayer\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"HelixPlayer\", rpm:\"HelixPlayer~1.0.7~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"HelixPlayer-plugin\", rpm:\"HelixPlayer-plugin~1.0.7~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"HelixPlayer-debuginfo\", rpm:\"HelixPlayer-debuginfo~1.0.7~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"HelixPlayer\", rpm:\"HelixPlayer~1.0.7~6.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:10", "references": [], "pluginID": "60115", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "edition": 1, "reporter": "Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-04T00:00:00", "title": "FreeBSD Ports: linux-realplayer", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2264", "CVE-2007-2263", "CVE-2007-5081", "CVE-2007-3410"], "modified": "2016-09-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=60115", "id": "OPENVAS:60115", "sourceData": "#\n#VID f762ccbb-baed-11dc-a302-000102cc8983\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: linux-realplayer\n\nCVE-2007-5081\nHeap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and\npossibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise\nallows remote attackers to execute arbitrary code via a crafted RM\nfile.\nCVE-2007-3410\nStack-based buffer overflow in the SmilTimeValue::parseWallClockValue\nfunction in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and\npossibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player\n10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to\nexecute arbitrary code via an SMIL (SMIL2) file with a long wallclock\nvalue.\nCVE-2007-2263\nHeap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and\npossibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote\nattackers to execute arbitrary code via an SWF (Flash) file with\nmalformed record headers.\nCVE-2007-2264\nHeap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and\npossibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise\nallows remote attackers to execute arbitrary code via a RAM (.ra or\n.ram) file with a large size value in the RA header.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/advisories/27361\nhttp://service.real.com/realplayer/security/10252007_player/en/\nhttp://www.zerodayinitiative.com/advisories/ZDI-07-063.html\nhttp://www.zerodayinitiative.com/advisories/ZDI-07-062.html\nhttp://www.zerodayinitiative.com/advisories/ZDI-07-061.html\nhttp://secunia.com/advisories/25819/\nhttp://www.vuxml.org/freebsd/f762ccbb-baed-11dc-a302-000102cc8983.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(60115);\n script_version(\"$Revision: 4128 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-22 07:37:51 +0200 (Thu, 22 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2007-5081\", \"CVE-2007-3410\", \"CVE-2007-2263\", \"CVE-2007-2264\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: linux-realplayer\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"linux-realplayer\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.0.5\")>=0 && revcomp(a:bver, b:\"10.0.9.809.20070726\")<0) {\n txt += 'Package linux-realplayer version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "saint": [{"lastseen": "2018-08-31T00:08:21", "references": [], "description": "Added: 06/29/2007 \nCVE: [CVE-2007-3410](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3410>) \nBID: [24658](<http://www.securityfocus.com/bid/24658>) \nOSVDB: [37374](<http://www.osvdb.org/37374>) \n\n\n### Background\n\nRealPlayer includes support for Synchronized Multimedia Integration Language (SMIL) files. \n\n### Problem\n\nA buffer overflow vulnerability in the wallclock function could allow command execution upon opening a specially crafted SMIL file. \n\n### Resolution\n\nUpdate to a fixed version of RealPlayer by selecting Check for Update under the Help menu in RealPlayer. \n\n### References\n\n<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547> \n\n\n### Limitations\n\nExploit works on RealPlayer 10.5 Gold and requires a user to open the exploit file in Internet Explorer 6 or 7. \n\n### Platforms\n\nWindows \n \n\n", "edition": 3, "reporter": "SAINT Corporation", "published": "2007-06-29T00:00:00", "title": "RealPlayer SMIL file wallclock buffer overflow", "type": "saint", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2007-3410"], "modified": "2007-06-29T00:00:00", "id": "SAINT:60890704B26EDE87E6FA037907CFA531", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/realplayer_smil_wallclock", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-12-14T16:58:05", "references": [], "edition": 1, "description": "Added: 06/29/2007 \nCVE: [CVE-2007-3410](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3410>) \nBID: [24658](<http://www.securityfocus.com/bid/24658>) \nOSVDB: [37374](<http://www.osvdb.org/37374>) \n\n\n### Background\n\nRealPlayer includes support for Synchronized Multimedia Integration Language (SMIL) files. \n\n### Problem\n\nA buffer overflow vulnerability in the wallclock function could allow command execution upon opening a specially crafted SMIL file. \n\n### Resolution\n\nUpdate to a fixed version of RealPlayer by selecting Check for Update under the Help menu in RealPlayer. \n\n### References\n\n<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547> \n\n\n### Limitations\n\nExploit works on RealPlayer 10.5 Gold and requires a user to open the exploit file in Internet Explorer 6 or 7. \n\n### Platforms\n\nWindows \n \n\n", "reporter": "SAINT Corporation", "published": "2007-06-29T00:00:00", "type": "saint", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "RealPlayer SMIL file wallclock buffer overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-3410"], "modified": "2007-06-29T00:00:00", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/realplayer_smil_wallclock", "id": "SAINT:8CC7664D64C422281AA11FC091C00C94", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-10-03T15:01:58", "references": [], "description": "Added: 06/29/2007 \nCVE: [CVE-2007-3410](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3410>) \nBID: [24658](<http://www.securityfocus.com/bid/24658>) \nOSVDB: [37374](<http://www.osvdb.org/37374>) \n\n\n### Background\n\nRealPlayer includes support for Synchronized Multimedia Integration Language (SMIL) files. \n\n### Problem\n\nA buffer overflow vulnerability in the wallclock function could allow command execution upon opening a specially crafted SMIL file. \n\n### Resolution\n\nUpdate to a fixed version of RealPlayer by selecting Check for Update under the Help menu in RealPlayer. \n\n### References\n\n<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547> \n\n\n### Limitations\n\nExploit works on RealPlayer 10.5 Gold and requires a user to open the exploit file in Internet Explorer 6 or 7. \n\n### Platforms\n\nWindows \n \n\n", "edition": 1, "reporter": "SAINT Corporation", "published": "2007-06-29T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "saint", "title": "RealPlayer SMIL file wallclock buffer overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-3410"], "modified": "2007-06-29T00:00:00", "id": "SAINT:E01BFCF2621FC36EB45091F4EE8DA493", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/realplayer_smil_wallclock", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:40:13", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.6-0.EL4.2.0.2", "arch": "src", "packageFilename": "HelixPlayer-1.0.6-0.EL4.2.0.2.src.rpm", "packageName": "HelixPlayer", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.6-0.EL4.2.0.2", "arch": "src", "packageFilename": "HelixPlayer-1.0.6-0.EL4.2.0.2.src.rpm", "packageName": "HelixPlayer", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.6-0.EL4.2.0.2", "arch": "i386", "packageFilename": "HelixPlayer-1.0.6-0.EL4.2.0.2.i386.rpm", "packageName": "HelixPlayer", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "1.0.6-0.EL4.2.0.2", "arch": "i386", "packageFilename": "HelixPlayer-1.0.6-0.EL4.2.0.2.i386.rpm", "packageName": "HelixPlayer", "operator": "lt"}], "description": " [1.0.6-0.EL4.2.0.2]\n - Rebuild for z-stream bz#245842\n \n [1.0.6-0.EL4.2]\n - Add a fix for CVE-2007-3410 ", "edition": 3, "reporter": "Oracle", "published": "2007-06-27T00:00:00", "title": "Critical: HelixPlayer security update ", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-3410"], "modified": "2007-06-27T00:00:00", "id": "ELSA-2007-0605", "href": "http://linux.oracle.com/errata/ELSA-2007-0605.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T22:02:05", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "BUGTRAQ ID: 24658\r\nCVE(CAN) ID: CVE-2007-3410\r\n\r\nRealPlayer\u662f\u4e00\u6b3e\u975e\u5e38\u6d41\u884c\u7684\u5a92\u4f53\u64ad\u653e\u5668\uff0c\u652f\u6301\u591a\u79cd\u683c\u5f0f\uff1bHelixPlayer\u662f\u5176\u5f00\u6e90\u7248\u672c\u3002\r\n\r\nRealPlayer/HelixPlayer\u64ad\u653e\u5668\u7684\u5899\u58c1\u65f6\u949f\u5728\u5904\u7406\u65e5\u671f\u683c\u5f0f\u65f6\u5b58\u5728\u7f13\u51b2\u533a\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u63a7\u5236\u7528\u6237\u673a\u5668\u3002\r\n\r\n\u5899\u58c1\u65f6\u949f\uff08wallclock\uff09\u529f\u80fd\u6ca1\u6709\u6b63\u786e\u5730\u5904\u7406HH:mm:ss.f\u65f6\u95f4\u683c\u5f0f\uff1a \r\n\r\n 924 HX_RESULT\r\n 925 SmilTimeValue::parseWallClockValue(REF(const char*) pCh)\r\n 926 {\r\n ...\r\n 957 char buf[10]; /* Flawfinder: ignore */\r\n ...\r\n 962 while (*pCh)\r\n 963 {\r\n ...\r\n 972 else if (isspace(*pCh) || *pCh == '+' || *pCh == '-' || *pCh == 'Z')\r\n 973 {\r\n 974 // this will find the last +, - or Z... which is what we want.\r\n 975 pTimeZone = pCh;\r\n 976 }\r\n ...\r\n 982 ++pCh;\r\n 983 }\r\n ...\r\n 1101 if (pTimePos)\r\n 1102 {\r\n 1103 //HH:MM...\r\n ....\r\n 1133 if (*(pos-1) == ':')\r\n 1134 {\r\n ....\r\n 1148 if (*(pos-1) == '.')\r\n 1149 {\r\n 1150 // find end.\r\n 1151 UINT32 len = 0;\r\n 1152 if (pTimeZone)\r\n 1153 {\r\n 1154 len = pTimeZone - pos;\r\n 1155 }\r\n 1156 else\r\n 1157 {\r\n 1158 len = end - pos;\r\n 1159 }\r\n 1160 strncpy(buf, pos, len); /* Flawfinder: ignore */\r\n\r\n\u5728957\u884c\u6808\u7f13\u51b2\u533a\u58f0\u660e\u4e3a10\u5b57\u8282\uff0c\u8be5\u884c\u7684\u6807\u6ce8\u5bfc\u81f4FlawFinder\u7a0b\u5e8f\u5ffd\u7565\u8fd9\u4e2a\u7f13\u51b2\u533a\u3002 \r\n\r\n962\u884c\u5f00\u59cb\u7684\u5faa\u73af\u901a\u8fc7\u4e00\u4e2a\u51fd\u6570\u53c2\u6570\u8fd0\u884c\uff0c\u8be5\u51fd\u6570\u7528\u4e8e\u5bfb\u627e\u8868\u793a\u65f6\u95f4\u683c\u5f0f\u4e2d\u4e0d\u540c\u90e8\u5206\u7684\u5b57\u7b26\u3002\u5982\u679c\u9047\u5230\u4e86\u7a7a\u683c\u3001\u201c+\u201d\u3001\u201c-\u201d\u3001\u6216\u201cZ\u201d\u5b57\u7b26\uff0c\u5c31\u4f1a\u8bb0\u5f55\u4e0b\u4f4d\u7f6e\u4ee5\u5907\u4e4b\u540e\u4f7f\u7528\u3002\u5982\u679c\u627e\u5230\u4e86\u65f6\u95f4\u4e14\u5305\u542b\u6709\u5192\u53f7\u548c\u9017\u53f7\uff0c\u5c31\u4f1a\u5230\u8fbe\u6709\u6f0f\u6d1e\u7684\u4ee3\u7801\u3002\r\n\r\n1154\u62161158\u884c\u8ba1\u7b97\u5c06\u8981\u62f7\u8d1d\u5230\u6808\u7f13\u51b2\u533a\u7684\u6570\u636e\u957f\u5ea6\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u662f\u5426\u5b58\u5728\u65f6\u533a\u3002\u8fd9\u4e24\u5904\u8ba1\u7b97\u90fd\u6ca1\u6709\u8003\u8651buf\u7f13\u51b2\u533a\u7684\u5e38\u6570\u957f\u5ea6\uff0c\u56e0\u6b64\u57281160\u884c\u53ef\u80fd\u51fa\u73b0\u6808\u6ea2\u51fa\u3002\u6b64\u5916\uff0c\u8be5\u884c\u4e0d\u5b89\u5168\u5730\u4f7f\u7528strncpy()\u4e5f\u88ab\u6807\u8bb0\u4e86\u5ffd\u7565FlawFinder\u7684\u6807\u6ce8\u3002\r\n\r\n\u5982\u679c\u7528\u6237\u53d7\u9a97\u4f7f\u7528\u6709\u6f0f\u6d1e\u7684\u64ad\u653e\u5668\u52a0\u8f7d\u4e86\u540c\u6b65\u591a\u5a92\u4f53\u96c6\u6210\u8bed\u8a00\uff08SMIL\uff09\u6587\u4ef6\u7684\u8bdd\uff0c\u5c31\u53ef\u80fd\u89e6\u53d1\u8fd9\u4e2a\u6ea2\u51fa\uff0c\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\n\n\nReal Networks RealPlayer 10.5-GOLD \r\nReal Networks Helix Player 10.5-GOLD\n \u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n\u5982\u679c\u60a8\u4e0d\u80fd\u7acb\u523b\u5b89\u88c5\u8865\u4e01\u6216\u8005\u5347\u7ea7\uff0cNSFOCUS\u5efa\u8bae\u60a8\u91c7\u53d6\u4ee5\u4e0b\u63aa\u65bd\u4ee5\u964d\u4f4e\u5a01\u80c1\uff1a\r\n\r\n* \u4e3aCLSID CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA\u8bbe\u7f6ekill-bit\u3002\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nReal Networks\r\n-------------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=\"http://www.real.com\" target=\"_blank\">http://www.real.com</a>", "reporter": "Root", "published": "2007-06-28T00:00:00", "title": "RealPlayer/HelixPlayer ParseWallClockValue\u51fd\u6570\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2007-3410"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2007-06-28T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-1930", "id": "SSV:1930", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "", "status": "details"}], "freebsd": [{"lastseen": "2018-08-31T01:15:36", "references": ["http://www.zerodayinitiative.com/advisories/ZDI-07-062.html", "http://www.zerodayinitiative.com/advisories/ZDI-07-061.html", "http://www.zerodayinitiative.com/advisories/ZDI-07-063.html", "http://secunia.com/advisories/25819/", "http://secunia.com/advisories/27361", "http://service.real.com/realplayer/security/10252007_player/en/"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "10.0.5", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-realplayer", "operator": "eq"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "10.0.9.809.20070726", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-realplayer", "operator": "lt"}], "description": "\nSecunia reports:\n\nMultiple vulnerabilities have been reported in\n\t RealPlayer/RealOne/HelixPlayer, which can be exploited by malicious\n\t people to compromise a user's system.\nAn input validation error when processing .RA/.RAM files can be\n\t exploited to cause a heap corruption via a specially crafted\n\t .RA/.RAM file with an overly large size field in the header.\nAn error in the processing of .PLS files can be exploited to cause\n\t a memory corruption and execute arbitrary code via a specially\n\t crafted .PLS file.\nAn input validation error when parsing .SWF files can be exploited\n\t to cause a buffer overflow via a specially crafted .SWF file with\n\t malformed record headers.\nA boundary error when processing rm files can be exploited to\n\t cause a buffer overflow.\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2007-10-25T00:00:00", "title": "linux-realplayer -- multiple vulnerabilities", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-2264", "CVE-2007-2263", "CVE-2007-5081", "CVE-2007-3410"], "modified": "2007-10-25T00:00:00", "id": "F762CCBB-BAED-11DC-A302-000102CC8983", "href": "https://vuxml.freebsd.org/freebsd/f762ccbb-baed-11dc-a302-000102cc8983.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}