Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiAnonymousZDI-07-062
HistoryOct 31, 2007 - 12:00 a.m.

RealNetworks RealPlayer PLS File Memory Corruption Vulnerability

2007-10-3100:00:00
Anonymous
www.zerodayinitiative.com
8

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.961 High

EPSS

Percentile

99.5%

JSON

This vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must open a malicious .pls file or visit a malicious web site. The specific flaw exists during the parsing of corrupted playlist files. Malicious corruption causes RealPlayer to call into a static heap address which can be leveraged by an attacker resulting in arbitrary code execution under the context of the logged in user.

Related

cve 1
prion 1
securityvulns 2
nessus 1
cve
cve
CVE-2007-4599
2007-10-31 17:46:00
prion
prion
Stack overflow
2007-10-31 17:46:00
securityvulns
securityvulns
ZDI-07-062: RealNetworks RealPlayer PLS File Memory Corruption Vulnerability
2007-11-02 00:00:00
Real Player multiple buffer overflows
2007-11-02 00:00:00
nessus
nessus
RealPlayer for Windows < Build 6.0.12.1662 Multiple Vulnerabilities
2007-10-30 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.961 High

EPSS

Percentile

99.5%

JSON
Related for ZDI-07-062
cve1prion1securityvulns2nessus1