Vulnerability Name: CVE-2004-1481 (CCN-17549) Assigned: 2004-09-28 Published: 2004-09-28 Updated: 2021-08-11 Summary: Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a .rm movie file with a large length field for the data chunk, which leads to a heap-based buffer overflow. CVSS v3 Severity: 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): Low
CVSS v2 Severity: 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): HighAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): HighAthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
Vulnerability Type: CWE-Other Vulnerability Consequences: Gain Access References: Source: CCNEEYE: RealPlayer pnen3260.dll Heap Overflow CVE-2004-1481 20041001 EEYE: RealPlayer pnen3260.dll Heap Overflow RealOne Player / RealPlayer / Helix Player Multiple Vulnerabilities 12672 RealNetworks, Inc. Releases Update to Address Security Vulnerabilities RealPlayer pnen3260.dll Multiple Media File Length Field Overflow RealPlayer .rm First Data Packet Processing Overflow 11309 RealNetworks RealOne Player And RealPlayer PNen3260.DLL Remote Integer Overflow Vulnerability RealOne Player and RealPlayer Multiple Unspecified Remote Vulnerabilities RealNetworks, Inc. Releases Update to Address Security Vulnerabilities. http://www.service.real.com/help/faq/security/040928_player/EN/ realplayer-rm-code-execution(17549) realplayer-rm-code-execution(17549) Vulnerable Configuration: Configuration 1 :cpe:/a:realnetworks:helix_player:1.0:*:*:*:*:linux:*:* OR cpe:/a:realnetworks:realone_player:1.0:*:*:*:*:*:*:* OR cpe:/a:realnetworks:realone_player:2.0:*:*:*:*:*:*:* OR cpe:/a:realnetworks:realplayer:10.0:beta:*:*:*:*:*:* OR cpe:/a:realnetworks:realplayer:10.0:beta:*:*:*:mac_os_x:*:* OR cpe:/a:realnetworks:realplayer:10.5:*:*:*:*:*:*:* OR cpe:/a:realnetworks:realplayer:10.5_6.0.12.1016:beta:*:*:*:*:*:* OR cpe:/a:realnetworks:realplayer:8.0:*:*:*:*:mac_os_x:*:* OR cpe:/a:realnetworks:realplayer:8.0:*:*:*:*:unix:*:* OR cpe:/a:realnetworks:realplayer:10.0:*:*:*:*:*:*:* OR cpe:/a:realnetworks:realplayer:10.0:*:*:en:*:*:*:* OR cpe:/a:realnetworks:realplayer:8.0:*:*:*:*:*:*:* OR cpe:/a:realnetworks:realplayer:10.0_6.0.12.690:*:*:*:*:*:*:* OR cpe:/a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:* OR cpe:/a:realnetworks:realplayer:10.0:*:*:ja:*:*:*:* OR cpe:/a:realnetworks:realplayer:10.0:*:*:de:*:*:*:* OR cpe:/a:realnetworks:realplayer:10.0:*:*:*:*:linux:*:* OR cpe:/a:realnetworks:realplayer:-:*:*:*:enterprise:*:*:* OR cpe:/a:realnetworks:realone_player:9.0.0.297:*:*:*:*:macos:*:* OR cpe:/a:realnetworks:realone_player:9.0.0.288:*:*:*:*:macos:*:* BACK
realnetworks helix player 1.0
realnetworks realone player 1.0
realnetworks realone player 2.0
realnetworks realplayer 10.0 beta
realnetworks realplayer 10.0 beta
realnetworks realplayer 10.5
realnetworks realplayer 10.5_6.0.12.1016 beta
realnetworks realplayer 8.0
realnetworks realplayer 8.0
realnetworks realplayer 10.0
realnetworks realplayer 10.0
realnetworks realplayer 8.0
realnetworks realplayer 10.0_6.0.12.690
realnetworks realplayer 10.5_6.0.12.1040
realnetworks realplayer 10.0
realnetworks realplayer 10.0
realnetworks realplayer 10.0
realnetworks realplayer -
realnetworks realone player 9.0.0.297
realnetworks realone player 9.0.0.288
Denotes that component is vulnerable