Vulnerability Name: CVE-2004-0258 (CCN-15040)

Assigned: 2004-02-04
Published: 2004-02-04
Updated: 2017-07-11
Summary: Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files.
CVSS v3 Severity: 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 7.6 High (CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:

Source: VULNWATCH
Type: UNKNOWN
20040204 [VulnWatch] Multiple File Format Vulnerabilities (Overruns) in REALOne & RealPlayer

Source: CCN
Type: VulnWatch Mailing List, Wed Feb 04 2004 - 16:22:05 CST
Multiple File Format Vulnerabilities (Overruns) in REALOne & RealPlayer

Source: MITRE
Type: CNA
CVE-2004-0258

Source: BUGTRAQ
Type: UNKNOWN
20040204 Multiple File Format Vulnerabilities (Overruns) in REALOne & RealPlayer

Source: CCN
Type: RealNetworks, Inc. Releases Update Updated February 4, 2004
RealNetworks, Inc. Releases Update to Address Security Vulnerabilities.

Source: CCN
Type: CIAC Information Bulletin O-075
RealPlayer / RealOne Player Buffer Overrun Vulnerabilities

Source: CIAC
Type: UNKNOWN
O-075

Source: CCN
Type: US-CERT VU#473814
Multiple Real media players vulnerable to buffer overflow when parsing crafted media files

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#473814

Source: CCN
Type: NGSSoftware Insight Security Research Advisory #NISR04022004a
RealPlayer & RealOne Player Buffer Overruns

Source: MISC
Type: UNKNOWN
http://www.nextgenss.com/advisories/realone.txt

Source: CCN
Type: OSVDB ID: 3827
RealOne/RealPlayer RMP Code Execution

Source: BID
Type: Patch, Vendor Advisory
9579

Source: CCN
Type: BID-9579
Multiple RealPlayer/RealOne Player Supported File Type Buffer Overrun Vulnerabilities

Source: CCN
Type: BID-9580
RealPlayer/RealOne Player RMP Skin File Handler Directory Traversal Vulnerability

Source: CONFIRM
Type: UNKNOWN
http://www.service.real.com/help/faq/security/040123_player/EN/

Source: XF
Type: UNKNOWN
realoneplayer-multiple-file-bo(15040)


Vulnerable Configuration: Configuration 1:
  • cpe:/a:realnetworks:realone_desktop_manager:*:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realone_player:2.0:*:win:*:*:*:*:*
  • OR cpe:/a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realone_player:6.0.11.868:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:8.0:*:mac_os:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:8.0:*:unix:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:8.0:*:win32:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.0_beta:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    realnetworks realone desktop manager *
    realnetworks realone enterprise desktop 6.0.11.774
    realnetworks realone player 1.0
    realnetworks realone player 2.0
    realnetworks realone player 2.0
    realnetworks realone player 6.0.11.818
    realnetworks realone player 6.0.11.830
    realnetworks realone player 6.0.11.841
    realnetworks realone player 6.0.11.853
    realnetworks realone player 6.0.11.868
    realnetworks realplayer 8.0
    realnetworks realplayer 8.0
    realnetworks realplayer 8.0
    realnetworks realplayer 10.0_beta