9.3

CVE-2007-5080

Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RealnetworksRealone Player Version1.0 Editionwindows Langen
RealnetworksRealone Player Version2.0 Editionwindows
RealnetworksRealplayer Version10.0 Editionwindows
RealnetworksRealplayer Version10.5 Update6.0.12.1040 Editionwindows
RealnetworksRealplayer Version10.5 Update6.0.12.1578 Editionwindows
RealnetworksRealplayer Version10.5 Update6.0.12.1698 Editionwindows
RealnetworksRealplayer Version10.5 Update6.0.12.1741 Editionwindows
RealnetworksRealplayer Enterprise Editionwindows Langen
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.73% 0.939
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/27361
Patch
Vendor Advisory
http://service.real.com/realplayer/security/10252007_player/en/
Patch
http://www.attrition.org/pipermail/vim/2007-October/001841.html
http://www.vupen.com/english/advisories/2007/3628
http://www.securityfocus.com/bid/26214
http://www.securitytracker.com/id?1018866
http://www.kb.cert.org/vuls/id/759385
US Government Resource
http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-real-player-id3-tags/
https://exchange.xforce.ibmcloud.com/vulnerabilities/37434