Vulnerability Name: CVE-2005-2629 (CCN-23024)
Assigned: 2005-11-10
Published: 2005-11-10
Updated: 2018-05-03
Summary: Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player 1 and 2, and Helix Player 10.0.0 allows remote attackers to execute arbitrary code via an .rm movie file with a large value in the length field of the first data packet, which leads to a stack-based buffer overflow, a different vulnerability than CVE-2004-1481.
CVSS v3 Severity: 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
    3.8 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
    3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
    Source: CCN Type: Neohapsis Archives Message #0269 11/10/2005 [EEYEB-20050510] - RealPlayer Data Packet Stack Overflow
    Source: MITRE Type: CNA CVE-2005-2629
    Source: EEYE Type: UNKNOWN EEYEB20050510
    Source: CCN Type: RHSA-2005-762 RealPlayer security update
    Source: CCN Type: RHSA-2005-788 HelixPlayer security update
    Source: CCN Type: SA17514 RealPlayer/RealOne/HelixPlayer "rm" and "rjs" File Handling Buffer Overflow
    Source: SECUNIA Type: Patch, Vendor Advisory 17514
    Source: SECUNIA Type: UNKNOWN 17559
    Source: SECUNIA Type: Patch, Vendor Advisory 17860
    Source: SREASON Type: UNKNOWN 169
    Source: CCN Type: SECTRACK ID: 1015184 RealPlayer Enterprise Buffer Overflows in Processing .rm Files and Skin Files Lets Remote Users Execute Arbitrary Code
    Source: SECTRACK Type: UNKNOWN 1015184
    Source: CCN Type: SECTRACK ID: 1015185 RealPlayer/RealOne Player Buffer Overflows in Processing .rm Files and Skin Files Lets Remote Users Execute Arbitrary Code
    Source: SECTRACK Type: UNKNOWN 1015185
    Source: CCN Type: SECTRACK ID: 1015186 Helix Player Buffer Overflows in Processing .rm Files and Skin Files Lets Remote Users Execute Arbitrary Code
    Source: SECTRACK Type: UNKNOWN 1015186
    Source: CCN Type: RealPlayer Customer Support Web page RealNetworks, Inc. Releases Update to Address Security Vulnerabilities
    Source: CONFIRM Type: Patch http://service.real.com/help/faq/security/051110_player/EN/
    Source: DEBIAN Type: Patch, Vendor Advisory DSA-915
    Source: DEBIAN Type: DSA-915 helix-player -- buffer overflow
    Source: CCN Type: eEye Published Advisory AD20051110a RealPlayer Data Packet Stack Overflow
    Source: EEYE Type: Patch, Vendor Advisory AD20051110a
    Source: CCN Type: BID-15381 RealNetworks RealOne Player/RealPlayer RM File Remote Stack Based Buffer Overflow Vulnerability
    Source: BID Type: UNKNOWN 15381
    Source: XF Type: UNKNOWN realplayer-rm-datapacket-bo(23024)
    Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:9550
    Source: SUSE Type: SUSE-SR:2005:026 SUSE Security Summary Report
Vulnerable Configuration: Configuration 1: Configuration RedHat 1: Denotes that component is vulnerable