CVE-2005-2055

RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne Player v1 and v2 allows remote malicious web server to create an arbitrary HTML file that executes an RM file via "default settings of earlier Internet Explorer browsers".

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://service.real.com/help/faq/security/050623_player/EN/	Patch Vendor Advisory
http://service.real.com/help/faq/security/050623_player/EN/	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:realnetworks:realone_player:1.0:::::::*
	cpe:2.3:a:realnetworks:realone_player:2.0:::::::*
	cpe:2.3:a:realnetworks:realplayer:::enterprise:::::*
	cpe:2.3:a:realnetworks:realplayer:8.0:::::::*
	cpe:2.3:a:realnetworks:realplayer:10.0:::::::*
	cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040_1069:::::::*

History

20 Nov 2024, 23:58

Type	Values Removed	Values Added
References	~~() http://service.real.com/help/faq/security/050623_player/EN/ - Patch, Vendor Advisory~~	() http://service.real.com/help/faq/security/050623_player/EN/ - Patch, Vendor Advisory

Information

Published : 2005-06-29 04:00

Updated : 2024-11-20 23:58

NVD link : CVE-2005-2055

Mitre link : CVE-2005-2055

CVE.ORG link : CVE-2005-2055

JSON object : View

Products Affected

realnetworks

realone_player
realplayer

CWE

NVD-CWE-Other

{"id": "CVE-2005-2055", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-06-29T04:00:00.000", "references": [{"url": "http://service.real.com/help/faq/security/050623_player/EN/", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://service.real.com/help/faq/security/050623_player/EN/", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne Player v1 and v2 allows remote malicious web server to create an arbitrary HTML file that executes an RM file via \"default settings of earlier Internet Explorer browsers\"."}], "lastModified": "2024-11-20T23:58:41.907", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E940DAB-0CD5-4EC0-916F-6C0B2AE26D19"}, {"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:*:*:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19BC5A59-BCBD-4859-8329-B4974D43DB90"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E6051B4-1B15-44C0-B2CD-5504E68C60F2"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040_1069:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A0BE7CF-D281-46F7-90B5-B469BE10E9A8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}