Lucene search

K
saint
SAINT CorporationSAINT:7A58BDE9BDCCED73750F291E450DEC53
HistoryMar 31, 2006 - 12:00 a.m.

RealPlayer invalid chunk header heap overflow

2006-03-3100:00:00
SAINT Corporation
download.saintcorporation.com
6

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.024 Low

EPSS

Percentile

89.6%

Added: 03/31/2006
CVE: CVE-2005-2922
BID: 17202
OSVDB: 24062

Background

RealPlayer, RealOne Player, and Helix Player include an embedded player which plays media embedded in a web page.

Problem

A chunked HTTP response containing an invalid or missing chunk header results in a heap overflow, leading to command execution.

Resolution

Use the Check for Update feature to upgrade to the latest version of RealPlayer, RealOne Player, or Helix Player.

References

<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404&gt;

Limitations

Exploit works on RealPlayer 10.5 (6.0.12.1348). In order for the exploit to run, a user must load the exploit page in Internet Explorer.

Platforms

Windows 2000
Windows XP

How to find holes in your network?

Try incredible fast Vulners Perimeter Scanner and find vulnerabilities and unnecessary ip and ports in network devices inside your network before anyone else.

Try Network Scanner

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.024 Low

EPSS

Percentile

89.6%

Related for SAINT:7A58BDE9BDCCED73750F291E450DEC53