Vulnerability CVE-2006-1370 - CERT Civis.Net

Vulnerability Name:

CVE-2006-1370 (CCN-25411)

Assigned:

2006-03-22

Published:

2006-03-22

Updated:

2017-07-20

Summary:

Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, RealPlayer 8, and RealPlayer Enterprise before 20060322 allows remote attackers to have an unknown impact via a malicious Mimio boardCast (mbc) file.
This vulnerability affects all versions of RealNetworks, RealPlayer from 10.5 v6.0.12.1040 through 10.5 v6.0.12.1348.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2006-1370

Source: CCN
Type: SA19358
RealNetworks Products Multiple Buffer Overflow Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
19358

Source: CCN
Type: SECTRACK ID: 1015810
RealPlayer Buffer Overflow in Processing Mimio Broadcast Files May Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1015810

Source: CCN
Type: RealNetworks Customer Support - Real Security Updates Web page
RealNetworks Releases Product Updates - 03162006

Source: CCN
Type: US-CERT VU#451556
RealNetworks products vulnerable to buffer overflow via specially crafted MBC file

Source: CERT-VN
Type: US Government Resource
VU#451556

Source: CCN
Type: OSVDB ID: 24063
RealNetworks Multiple Products MBC File Processing Overflow

Source: BID
Type: UNKNOWN
17202

Source: CCN
Type: BID-17202
RealNetworks Multiple Products Multiple Buffer Overflow Vulnerabilities

Source: CONFIRM
Type: Patch
http://www.service.real.com/realplayer/security/03162006_player/en/

Source: VUPEN
Type: UNKNOWN
ADV-2006-1057

Source: XF
Type: UNKNOWN
realnetworks-mbc-bo(25411)

Source: XF
Type: UNKNOWN
realnetworks-mbc-bo(25411)

Vulnerable Configuration:

Configuration 1:

cpe:/a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:*:*:enterprise:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:10.5_6.0.12.1053:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:10.5_6.0.12.1056:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:10.5_6.0.12.1059:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:10.5_6.0.12.1069:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:10.5_6.0.12.1235:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:10.5_6.0.12.1348:*:*:*:*:*:*:*

Denotes that component is vulnerable