| Vulnerability Name: | CVE-2005-2710 (CCN-22465) | ||||||||||||||||||||
| Assigned: | 2005-09-26 | ||||||||||||||||||||
| Published: | 2005-09-26 | ||||||||||||||||||||
| Updated: | 2017-10-11 | ||||||||||||||||||||
| Summary: | Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the (1) image handle or (2) timeformat attribute in a RealPix (.rp) or RealText (.rt) file. | ||||||||||||||||||||
| CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||
| CVSS v2 Severity: | 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P) 4.2 Medium (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
4.2 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
| ||||||||||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||
| References: | Source: CCN Type: Full-Disclosure Mailing List, Fri Sep 30 2005 - 13:23:45 CDT iDEFENSE Security Advisory 09.30.05: RealNetworks RealPlayer/HelixPlayer RealPix Format String Vulnerability Source: CONFIRM Type: Vendor Advisory http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168078 Source: MITRE Type: CNA CVE-2005-2710 Source: BUGTRAQ Type: UNKNOWN 20050926 RealPlayer && HelixPlayer Remote Format String Exploit Source: FULLDISC Type: UNKNOWN 20050926 RealPlayer && HelixPlayer Remote Format String Source: CCN Type: RHSA-2005-762 RealPlayer security update Source: CCN Type: RHSA-2005-788 HelixPlayer security update Source: CCN Type: SA16954 Helix Player Error Message Format String Vulnerabilities Source: SECUNIA Type: UNKNOWN 16954 Source: CCN Type: SA16961 RealPlayer Error Message Format String Vulnerabilities Source: SECUNIA Type: UNKNOWN 16961 Source: SECUNIA Type: UNKNOWN 16981 Source: SECUNIA Type: UNKNOWN 17116 Source: SECUNIA Type: UNKNOWN 17127 Source: SREASON Type: UNKNOWN 27 Source: SREASON Type: UNKNOWN 41 Source: CCN Type: RealPlayer Customer Support Web page RealNetworks, Inc. Releases Update to Address Security Vulnerabilities Source: DEBIAN Type: Vendor Advisory DSA-826 Source: DEBIAN Type: DSA-826 helix-player -- multiple vulnerabilities Source: CCN Type: GLSA-200510-07 RealPlayer, Helix Player: Format string vulnerability Source: GENTOO Type: UNKNOWN GLSA-200510-07 Source: IDEFENSE Type: Vendor Advisory 20050930 RealNetworks RealPlayer/HelixPlayer RealPix Format String Vulnerability Source: CCN Type: US-CERT VU#361181 Helix Player format string vulnerability Source: CERT-VN Type: Third Party Advisory, US Government Resource VU#361181 Source: SUSE Type: UNKNOWN SUSE-SA:2005:059 Source: MISC Type: Vendor Advisory http://www.open-security.org/advisories/13 Source: REDHAT Type: UNKNOWN RHSA-2005:762 Source: REDHAT Type: Vendor Advisory RHSA-2005:788 Source: XF Type: UNKNOWN realplayer-helix-realpix-format-string(22465) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:11015 Source: CCN Type: Helix Player Community Download Web page Player Downloads Source: SUSE Type: SUSE-SA:2005:059 RealPlayer: remote code execution | ||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration RedHat 1:  Denotes that component is vulnerable | ||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||
| |||||||||||||||||||||
| BACK | |||||||||||||||||||||