9.3
CVE-2006-0323
- EPSS 16.74%
- Veröffentlicht 23.03.2006 23:06:00
- Zuletzt bearbeitet 16.06.2026 22:20:20
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Realnetworks ≫ Realplayer Version10.0 Updategold
Realnetworks ≫ Realplayer Version10.0.6
Realnetworks ≫ Realplayer Version10.5
Realnetworks ≫ Rhapsody Version3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 16.74% | 0.966 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://secunia.com/advisories/19358
http://www.service.real.com/realplayer/security/03162006_player/en/
http://www.vupen.com/english/advisories/2006/1057
http://secunia.com/advisories/19365
http://www.novell.com/linux/security/advisories/2006_18_realplayer.html
http://www.securityfocus.com/bid/17202
http://secunia.com/advisories/19362
http://secunia.com/advisories/19390
http://securityreason.com/securityalert/690
http://securitytracker.com/id?1015806
http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml
http://www.kb.cert.org/vuls/id/231028
http://www.redhat.com/support/errata/RHSA-2006-0257.html
http://www.securityfocus.com/archive/1/430621/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/25408