CVE-2005-2922

Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/19358	Vendor Advisory
http://secunia.com/advisories/19365	Patch Vendor Advisory
http://securitytracker.com/id?1015808
http://www.kb.cert.org/vuls/id/172489	Patch Third Party Advisory US Government Resource
http://www.novell.com/linux/security/advisories/2006_18_realplayer.html	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-762.html	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-788.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/17202	Exploit
http://www.service.real.com/realplayer/security/03162006_player/en/	Patch
http://www.vupen.com/english/advisories/2006/1057	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/25409
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11444

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:realnetworks:helix_player:10.0::linux:::::
	cpe:2.3:a:realnetworks:helix_player:10.0.1::linux:::::
	cpe:2.3:a:realnetworks:helix_player:10.0.2::linux:::::
	cpe:2.3:a:realnetworks:helix_player:10.0.3::linux:::::
	cpe:2.3:a:realnetworks:helix_player:10.0.4::linux:::::
	cpe:2.3:a:realnetworks:helix_player:10.0.5::linux:::::
	cpe:2.3:a:realnetworks:helix_player:10.0.6::linux:::::
	cpe:2.3:a:realnetworks:realone_player::::::::
	cpe:2.3:a:realnetworks:realone_player:0.288::mac_os_x:::::
	cpe:2.3:a:realnetworks:realone_player:0.297::mac_os_x:::::
	cpe:2.3:a:realnetworks:realone_player:1.0:::::::*
	cpe:2.3:a:realnetworks:realone_player:2.0:::::::*
	cpe:2.3:a:realnetworks:realplayer:::enterprise:::::*
	cpe:2.3:a:realnetworks:realplayer:8.0::win32:::::
	cpe:2.3:a:realnetworks:realplayer:10.0:::::::*
	cpe:2.3:a:realnetworks:realplayer:10.0.0.305::mac_os:::::
	cpe:2.3:a:realnetworks:realplayer:10.0.0.331::mac_os:::::
	cpe:2.3:a:realnetworks:realplayer:10.0.1::linux:::::
	cpe:2.3:a:realnetworks:realplayer:10.0.2::linux:::::
	cpe:2.3:a:realnetworks:realplayer:10.0.3::linux:::::
	cpe:2.3:a:realnetworks:realplayer:10.0.4::linux:::::
	cpe:2.3:a:realnetworks:realplayer:10.0.5::linux:::::
	cpe:2.3:a:realnetworks:realplayer:10.0.6::linux:::::
	cpe:2.3:a:realnetworks:realplayer:10.5:::::::*
	cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:::::::*
	cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1053:::::::*
	cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1056:::::::*
	cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1059:::::::*
	cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1069:::::::*
	cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1235:::::::*
	cpe:2.3:a:realnetworks:rhapsody:3.0:::::::*
	cpe:2.3:a:realnetworks:rhapsody:3.0_build_0.815:::::::*

History

No history.

Information

Published : 2005-12-31 05:00

Updated : 2024-02-28 10:42

NVD link : CVE-2005-2922

Mitre link : CVE-2005-2922

CVE.ORG link : CVE-2005-2922

JSON object : View

Products Affected

realnetworks

realplayer
helix_player
rhapsody
realone_player

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

9.3 /10