CVE-2005-2922

Exploit

EPSS 4.36%
Veröffentlicht 31.12.2005 05:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 15

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Realnetworks ≫ Helix Player Version10.0 Editionlinux

Realnetworks ≫ Helix Player Version10.0.1 Editionlinux

Realnetworks ≫ Helix Player Version10.0.2 Editionlinux

Realnetworks ≫ Helix Player Version10.0.3 Editionlinux

Realnetworks ≫ Helix Player Version10.0.4 Editionlinux

Realnetworks ≫ Helix Player Version10.0.5 Editionlinux

Realnetworks ≫ Helix Player Version10.0.6 Editionlinux

Realnetworks ≫ Realone Player

Realnetworks ≫ Realone Player Version0.288 Editionmac_os_x

Realnetworks ≫ Realone Player Version0.297 Editionmac_os_x

Realnetworks ≫ Realone Player Version1.0

Realnetworks ≫ Realone Player Version2.0

Realnetworks ≫ Realplayer Editionenterprise

Realnetworks ≫ Realplayer Version8.0 Editionwin32

Realnetworks ≫ Realplayer Version10.0

Realnetworks ≫ Realplayer Version10.0.0.305 Editionmac_os

Realnetworks ≫ Realplayer Version10.0.0.331 Editionmac_os

Realnetworks ≫ Realplayer Version10.0.1 Editionlinux

Realnetworks ≫ Realplayer Version10.0.2 Editionlinux

Realnetworks ≫ Realplayer Version10.0.3 Editionlinux

Realnetworks ≫ Realplayer Version10.0.4 Editionlinux

Realnetworks ≫ Realplayer Version10.0.5 Editionlinux

Realnetworks ≫ Realplayer Version10.0.6 Editionlinux

Realnetworks ≫ Realplayer Version10.5

Realnetworks ≫ Realplayer Version10.5_6.0.12.1040

Realnetworks ≫ Realplayer Version10.5_6.0.12.1053

Realnetworks ≫ Realplayer Version10.5_6.0.12.1056

Realnetworks ≫ Realplayer Version10.5_6.0.12.1059

Realnetworks ≫ Realplayer Version10.5_6.0.12.1069

Realnetworks ≫ Realplayer Version10.5_6.0.12.1235

Realnetworks ≫ Rhapsody Version3.0

Realnetworks ≫ Rhapsody Version3.0_build_0.815

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.36%	0.878

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.redhat.com/support/errata/RHSA-2005-762.html

Patch

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2005-788.html

Patch

Vendor Advisory

http://secunia.com/advisories/19358

Vendor Advisory

http://www.service.real.com/realplayer/security/03162006_player/en/

Patch

http://www.vupen.com/english/advisories/2006/1057

Vendor Advisory