Vulnerability Name:

CVE-2005-2936 (CCN-23094)

Assigned:2005-11-15
Published:2005-11-15
Updated:2011-05-19
Summary:Unquoted Windows search path vulnerability in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, and RealPlayer 8 before 20060322 might allow local users to gain privileges via a malicious C:\program.exe file.
CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.9 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-264
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: Full-Disclosure Mailing List, Mon May 09 2005 - 15:14:02 CDT
Useless tidbit

Source: CCN
Type: Full-Disclosure Mailing List, Tue Jan 17 2006 - 15:45:14 CST
[ TZO-012006 ] Checkpoint VPN-1 SecureClient insecure usage of CreateProcess()

Source: CCN
Type: Full-Disclosure Mailing List, Wed Aug 29 2007 - 17:27:07 CDT
Multiple improper file path handling issues

Source: MITRE
Type: CNA
CVE-2005-2935

Source: MITRE
Type: CNA
CVE-2005-2936

Source: MITRE
Type: CNA
CVE-2005-2938

Source: MITRE
Type: CNA
CVE-2005-2939

Source: MITRE
Type: CNA
CVE-2005-2940

Source: MITRE
Type: CNA
CVE-2005-3663

Source: MITRE
Type: CNA
CVE-2006-0255

Source: MITRE
Type: CNA
CVE-2019-4245

Source: CCN
Type: SA19358
RealNetworks Products Multiple Buffer Overflow Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
19358

Source: CCN
Type: SECTRACK ID: 1015222
Apple iTunes for Windows Improper CreateProcess() Call Lets Local Users Execute Arbitrary Code

Source: CCN
Type: SECTRACK ID: 1015223
RealPlayer Improper CreateProcess() Call Lets Local Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1015223

Source: CCN
Type: SECTRACK ID: 1015224
Kaspersky Anti-Virus for Windows File Servers Improper CreateProcess() Call Lets Local Users Execute Arbitrary Code

Source: CCN
Type: SECTRACK ID: 1015225
VMware Workstation Improper CreateProcess() Call Lets Local Users Execute Arbitrary Code

Source: CCN
Type: SECTRACK ID: 1015226
Microsoft AntiSpyware Improper CreateProcess() Call Lets Local Users Execute Arbitrary Code

Source: CONFIRM
Type: UNKNOWN
http://service.real.com/help/faq/security/security111605.html

Source: CCN
Type: RealNetworks Customer Support - Real Security Updates March 16, 2006
RealNetworks Releases Product Updates.

Source: CCN
Type: Apple Web site
Apple - ITunes - Download iTunes

Source: CCN
Type: iDEFENSE Security Advisory 11.15.05
Multiple Vendor Insecure Call to CreateProcess() Vulnerability

Source: IDEFENSE
Type: Vendor Advisory
20051115 Multiple Vendor Insecure Call to CreateProcess() Vulnerability

Source: CCN
Type: OSVDB ID: 17088
Microsoft AntiSpyware gsasDtServ.exe Path Subversion Privilege Escalation

Source: CCN
Type: OSVDB ID: 20988
Apple iTunes iTunesHelper.exe Path Subversion Local Privilege Escalation

Source: CCN
Type: OSVDB ID: 21009
Kaspersky Anti-Virus Search Path Subversion Local Privilege Escalation

Source: CCN
Type: OSVDB ID: 21010
RealPlayer Path Subversion Local Privilege Escalation

Source: CCN
Type: OSVDB ID: 21011
VMware Workstation Search Path Subversion Local Privilege Escalation

Source: CCN
Type: OSVDB ID: 22703
Check Point VPN-1 SecureClient SR_Watchdog.exe Path Subversion Local Privilege Escalation

Source: CCN
Type: BID-15446
Apple iTunes 6 For Windows Arbitrary Local Code Execution Vulnerability

Source: BID
Type: UNKNOWN
15448

Source: CCN
Type: BID-15448
Multiple Vendor lpCommandLine Application Path Vulnerability

Source: CCN
Type: BID-16290
Check Point VPN-1 SecureClient Path Specification Local Privilege Escalation Vulnerability

Source: CONFIRM
Type: UNKNOWN
http://www.service.real.com/realplayer/security/03162006_player/en/

Source: VUPEN
Type: Vendor Advisory
ADV-2006-1057

Source: XF
Type: UNKNOWN
multiple-vendor-insecure-createprocess(23094)

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [08-15-2012]

Source: CCN
Type: IBM Security Bulletin 880775 (Cognos TM1)
IBM Cognos TM1 is affected by multiple vulnerabilities (CVE-2018-15494, CVE-2019-4245)

Source: CCN
Type: IBM Security Bulletin 884724 (Planning Analytics)
Multiple vulnerabilities affect IBM Planning Analytics

Vulnerable Configuration:Configuration 1:
  • cpe:/a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.5_6.0.12.1348:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:apple:itunes:4.7.1.30:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:antispyware:1.0.509:beta1:*:*:*:*:*:*
  • OR cpe:/a:checkpoint:vpn-1_secureclient:-:*:*:*:*:*:*:*
  • OR cpe:/a:norman:norman_virus_control:5.90:*:*:*:*:*:*:*
  • OR cpe:/a:agnitum:outpost_firewall:*:*:pro:*:*:*:*:*
  • OR cpe:/a:agnitum:outpost_security_suite:6.7.3.3063.452.0726:-:professional:*:*:*:*:*
  • OR cpe:/a:hauri:virobot_desktop:5.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.0.0_build_13124:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:cognos_tm1:10.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:planning_analytics:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:planning_analytics:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:planning_analytics:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:planning_analytics:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:planning_analytics:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:planning_analytics:2.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:planning_analytics:2.0.6:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    realnetworks realone player 1.0
    realnetworks realone player 2.0
    realnetworks realplayer 8.0
    realnetworks realplayer 10.0
    realnetworks realplayer 10.5_6.0.12.1040
    realnetworks realplayer 10.5_6.0.12.1348
    apple itunes 4.7.1.30
    microsoft antispyware 1.0.509 beta1
    checkpoint vpn-1 secureclient -
    norman norman virus control 5.90
    agnitum outpost firewall *
    agnitum outpost security suite 6.7.3.3063.452.0726 -
    hauri virobot desktop 5.5
    vmware workstation 5.0.0_build_13124
    ibm cognos tm1 10.2.2
    ibm planning analytics 2.0.3
    ibm planning analytics 2.0
    ibm planning analytics 2.0.1
    ibm planning analytics 2.0.2
    ibm planning analytics 2.0.4
    ibm planning analytics 2.0.5
    ibm planning analytics 2.0.6