Vulnerability Name:

CVE-2004-0387 (CCN-15774)

Assigned:2004-04-06
Published:2004-04-06
Updated:2017-07-11
Summary:Stack-based buffer overflow in the RT3 plugin, as used in RealPlayer 8, RealOne Player, RealOne Player 10 beta, and RealOne Player Enterprise, allows remote attackers to execute arbitrary code via a malformed .R3T file.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: VULNWATCH
Type: UNKNOWN
20040307 REAL One Player R3T File Format Stack Overflow

Source: CCN
Type: NGSSoftware Insight Security Research Advisory #NISR17042004
REAL One Player R3T File Format Stack Overflow

Source: MITRE
Type: CNA
CVE-2004-0387

Source: BUGTRAQ
Type: UNKNOWN
20040307 REAL One Player R3T File Format Stack Overflow

Source: CCN
Type: RHSA-2005-299
realplayer security update

Source: CCN
Type: SA11314
RealPlayer/RealOne R3T File Handling Buffer Overflow Vulnerability

Source: SECUNIA
Type: UNKNOWN
11314

Source: CCN
Type: RealNetworks, Inc. Releases Update April 6th, 2004
Customer Support - Real Security Updates

Source: MISC
Type: Patch, Vendor Advisory
http://www.ngssoftware.com/advisories/realr3t.txt

Source: OSVDB
Type: UNKNOWN
4977

Source: CCN
Type: OSVDB ID: 4977
RealPlayer/RealOne R3T Plugin Overflow

Source: BID
Type: UNKNOWN
10070

Source: CCN
Type: BID-10070
RealNetworks RealOne Player/RealPlayer Remote R3T File Stack Buffer Overflow Vulnerability

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.service.real.com/help/faq/security/040406_r3t/en/

Source: XF
Type: UNKNOWN
realplayer-r3t-bo(15774)

Source: XF
Type: UNKNOWN
realplayer-r3t-bo(15774)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:realnetworks:realone_player:*:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realone_player:*:*:enterprise:*:*:*:*:*
  • OR cpe:/a:realnetworks:realone_player:10_beta:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    realnetworks realone player *
    realnetworks realone player *
    realnetworks realone player 10_beta
    realnetworks realplayer 8.0