Vulnerability Name:

CVE-2003-0141 (CCN-11643)

Assigned: 2003-03-28
Published: 2003-03-28
Updated: 2016-10-18
Summary: The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length.
CVSS v3 Severity: 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References: Source: VULNWATCH
Type: UNKNOWN
20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability

Source: MITRE
Type: CNA
CVE-2003-0141

Source: BUGTRAQ
Type: UNKNOWN
20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability

Source: CCN
Type: RealNetworks, Inc. Web site
RealNetworks Support: Security Issues

Source: CCN
Type: RealNetworks, Inc. Service and Support
RealNetworks Releases Security Update to Address RealOne Player, RealPlayer Security Vulnerabilities.

Source: CCN
Type: CIAC Information Bulletin N-066
RealPlayer PNG Deflate Heap Corruption Vulnerability

Source: CCN
Type: Core Security Technologies Advisory CORE-20030306
RealPlayer PNG deflate heap corruption vulnerability

Source: MISC
Type: Patch, Vendor Advisory
http://www.coresecurity.com/common/showdoc.php?idx=311&idxseccion=10

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#705761

Source: CCN
Type: OSVDB ID: 11768
RealOne/RealPlayer PNG Deflate Algorithm Heap Corruption Arbitrary Code Execution

Source: BID
Type: Patch, Vendor Advisory
7177

Source: CCN
Type: BID-7177
RealNetworks RealPlayer PNG Deflate Heap Corruption Vulnerability

Source: XF
Type: UNKNOWN
realplayer-png-decompress-bo(11643)

Vulnerable Configuration: Configuration 1:
  • cpe:/a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realone_player:6.0.10.505:gold:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realone_player:9.0.0.288:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realone_player:9.0.0.297:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    realnetworks realone enterprise desktop 6.0.11.774
    realnetworks realone player 2.0
    realnetworks realone player 6.0.10.505 gold
    realnetworks realone player 6.0.11.818
    realnetworks realone player 6.0.11.830
    realnetworks realone player 6.0.11.841
    realnetworks realone player 6.0.11.853
    realnetworks realone player 9.0.0.288
    realnetworks realone player 9.0.0.297
    realnetworks realplayer 8.0