CVE-2005-2922

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2005-2922
Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header.

9.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://secunia.com/advisories/19358 Vendor Advisory
http://secunia.com/advisories/19365 Patch Vendor Advisory
http://securitytracker.com/id?1015808
http://www.kb.cert.org/vuls/id/172489 Patch Third Party Advisory US Government Resource
http://www.novell.com/linux/security/advisories/2006_18_realplayer.html Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-762.html Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-788.html Patch Vendor Advisory
http://www.securityfocus.com/bid/17202 Exploit
http://www.service.real.com/realplayer/security/03162006_player/en/ Patch
http://www.vupen.com/english/advisories/2006/1057 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/25409
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11444
http://secunia.com/advisories/19358 Vendor Advisory
http://secunia.com/advisories/19365 Patch Vendor Advisory
http://securitytracker.com/id?1015808
http://www.kb.cert.org/vuls/id/172489 Patch Third Party Advisory US Government Resource
http://www.novell.com/linux/security/advisories/2006_18_realplayer.html Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-762.html Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-788.html Patch Vendor Advisory
http://www.securityfocus.com/bid/17202 Exploit
http://www.service.real.com/realplayer/security/03162006_player/en/ Patch
http://www.vupen.com/english/advisories/2006/1057 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/25409
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11444
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:realnetworks:helix_player:10.0:*:linux:*:*:*:*:*
cpe:2.3:a:realnetworks:helix_player:10.0.1:*:linux:*:*:*:*:*
cpe:2.3:a:realnetworks:helix_player:10.0.2:*:linux:*:*:*:*:*
cpe:2.3:a:realnetworks:helix_player:10.0.3:*:linux:*:*:*:*:*
cpe:2.3:a:realnetworks:helix_player:10.0.4:*:linux:*:*:*:*:*
cpe:2.3:a:realnetworks:helix_player:10.0.5:*:linux:*:*:*:*:*
cpe:2.3:a:realnetworks:helix_player:10.0.6:*:linux:*:*:*:*:*
cpe:2.3:a:realnetworks:realone_player:*:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realone_player:0.288:*:mac_os_x:*:*:*:*:*
cpe:2.3:a:realnetworks:realone_player:0.297:*:mac_os_x:*:*:*:*:*
cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:*:*:enterprise:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:8.0:*:win32:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:10.0.0.305:*:mac_os:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:10.0.0.331:*:mac_os:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:10.0.1:*:linux:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:10.0.2:*:linux:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:10.0.3:*:linux:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:10.0.4:*:linux:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:10.0.5:*:linux:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:10.0.6:*:linux:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1053:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1056:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1059:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1069:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1235:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:rhapsody:3.0:*:*:*:*:*:*:*
cpe:2.3:a:realnetworks:rhapsody:3.0_build_0.815:*:*:*:*:*:*:*
History

21 Nov 2024, 00:00

Type Values Removed Values Added
References () http://secunia.com/advisories/19358 - Vendor Advisory () http://secunia.com/advisories/19358 - Vendor Advisory
References () http://secunia.com/advisories/19365 - Patch, Vendor Advisory () http://secunia.com/advisories/19365 - Patch, Vendor Advisory
References () http://securitytracker.com/id?1015808 - () http://securitytracker.com/id?1015808 -
References () http://www.kb.cert.org/vuls/id/172489 - Patch, Third Party Advisory, US Government Resource () http://www.kb.cert.org/vuls/id/172489 - Patch, Third Party Advisory, US Government Resource
References () http://www.novell.com/linux/security/advisories/2006_18_realplayer.html - Patch, Vendor Advisory () http://www.novell.com/linux/security/advisories/2006_18_realplayer.html - Patch, Vendor Advisory
References () http://www.redhat.com/support/errata/RHSA-2005-762.html - Patch, Vendor Advisory () http://www.redhat.com/support/errata/RHSA-2005-762.html - Patch, Vendor Advisory
References () http://www.redhat.com/support/errata/RHSA-2005-788.html - Patch, Vendor Advisory () http://www.redhat.com/support/errata/RHSA-2005-788.html - Patch, Vendor Advisory
References () http://www.securityfocus.com/bid/17202 - Exploit () http://www.securityfocus.com/bid/17202 - Exploit
References () http://www.service.real.com/realplayer/security/03162006_player/en/ - Patch () http://www.service.real.com/realplayer/security/03162006_player/en/ - Patch
References () http://www.vupen.com/english/advisories/2006/1057 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/1057 - Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/25409 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/25409 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11444 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11444 -
Information

Published : 2005-12-31 05:00

Updated : 2024-11-21 00:00

NVD link : CVE-2005-2922

Mitre link : CVE-2005-2922

CVE.ORG link : CVE-2005-2922

JSON object : View

Products Affected

realnetworks

  • helix_player
  • realone_player
  • rhapsody
  • realplayer
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024