CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
89.9%
Added: 03/31/2006
CVE: CVE-2005-2922
BID: 17202
OSVDB: 24062
RealPlayer, RealOne Player, and Helix Player include an embedded player which plays media embedded in a web page.
A chunked HTTP response containing an invalid or missing chunk header results in a heap overflow, leading to command execution.
Use the Check for Update feature to upgrade to the latest version of RealPlayer, RealOne Player, or Helix Player.
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404
Exploit works on RealPlayer 10.5 (6.0.12.1348). In order for the exploit to run, a user must load the exploit page in Internet Explorer.
Windows 2000
Windows XP