Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:7A58BDE9BDCCED73750F291E450DEC53
HistoryMar 31, 2006 - 12:00 a.m.

RealPlayer invalid chunk header heap overflow

2006-03-3100:00:00
SAINT Corporation
download.saintcorporation.com
6

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.024 Low

EPSS

Percentile

89.8%

JSON

Added: 03/31/2006
CVE: CVE-2005-2922
BID: 17202
OSVDB: 24062

Background

RealPlayer, RealOne Player, and Helix Player include an embedded player which plays media embedded in a web page.

Problem

A chunked HTTP response containing an invalid or missing chunk header results in a heap overflow, leading to command execution.

Resolution

Use the Check for Update feature to upgrade to the latest version of RealPlayer, RealOne Player, or Helix Player.

References

<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404&gt;

Limitations

Exploit works on RealPlayer 10.5 (6.0.12.1348). In order for the exploit to run, a user must load the exploit page in Internet Explorer.

Platforms

Windows 2000
Windows XP

Related

securityvulns 2
openvas 2
saint 3
nessus 6
cert 1
freebsd 1
cve 1
suse 1
redhat 2
centos 1
securityvulns
securityvulns
iDefense Security Advisory 03.23.06: RealNetworks RealPlayer and Helix Player Invalid Chunk Size Heap Overflow Vulnerability
2006-03-24 00:00:00
[Full-disclosure] SUSE Security Announcement: RealPlayer security problems &#40;SUSE-SA:2006:018&#41;
2006-03-23 00:00:00
openvas
openvas
FreeBSD Ports: linux-realplayer
2008-09-04 00:00:00
FreeBSD Ports: linux-realplayer
2008-09-04 00:00:00
saint
saint
RealPlayer invalid chunk header heap overflow
2006-03-31 00:00:00
RealPlayer invalid chunk header heap overflow
2006-03-31 00:00:00
RealPlayer invalid chunk header heap overflow
2006-03-31 00:00:00
nessus
nessus
FreeBSD : linux-realplayer -- heap overflow (fe4c84fc-bdb5-11da-b7d4-00123ffe8333)
2006-05-13 00:00:00
SUSE-SA:2006:018: RealPlayer
2006-03-27 00:00:00
CentOS 4 : Helix / Player (CESA-2005:788)
2007-01-08 00:00:00
cert
cert
RealNetworks products fail to properly handle chunked data
2006-04-05 00:00:00
freebsd
freebsd
linux-realplayer -- heap overflow
2006-03-23 00:00:00
cve
cve
CVE-2005-2922
2005-12-31 05:00:00
suse
suse
remote code execution in RealPlayer
2006-03-23 12:04:47
redhat
redhat
(RHSA-2005:762) RealPlayer security update
2005-09-27 00:00:00
(RHSA-2005:788) HelixPlayer security update
2005-09-27 00:00:00
centos
centos
HelixPlayer security update
2005-09-27 22:04:42

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.024 Low

EPSS

Percentile

89.8%

JSON
Related for SAINT:7A58BDE9BDCCED73750F291E450DEC53
securityvulns2openvas2saint3nessus6cert1freebsd1cve1suse1redhat2centos1