Vulnerability Name:

CVE-2007-2264 (CCN-37437)

Assigned:2007-10-25
Published:2007-10-25
Updated:2018-10-16
Summary:Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA header.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2007-2264

Source: CCN
Type: RHSA-2007-0841
Critical: RealPlayer security update

Source: CCN
Type: SA27361
RealPlayer/RealOne/HelixPlayer Multiple Buffer Overflows

Source: SECUNIA
Type: Patch, Vendor Advisory
27361

Source: CCN
Type: SECTRACK ID: 1018866
RealPlayer Buffer Overflows in Processing MP3, RM, SWF, RAM, and PLS Files Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: Patch
1018866

Source: CONFIRM
Type: UNKNOWN
http://service.real.com/realplayer/security/10252007_player/en/

Source: VIM
Type: UNKNOWN
20071030 RealPlayer Updates of October 25, 2007

Source: BUGTRAQ
Type: UNKNOWN
20071031 ZDI-07-063: RealPlayer RA Field Size File Processing Heap Oveflow Vulnerability

Source: BID
Type: Patch
26214

Source: CCN
Type: BID-26214
RealNetworks RealPlayer File Parsing Routines Multiple Vulnerabilities

Source: CCN
Type: RealNetworks Customer Support - Real Security Updates Web page
RealNetworks, Inc. Releases Update to Address Security Vulnerabilities.

Source: VUPEN
Type: Vendor Advisory
ADV-2007-3628

Source: MISC
Type: UNKNOWN
http://www.zerodayinitiative.com/advisories/ZDI-07-063.html

Source: XF
Type: UNKNOWN
realplayer-ram-bo(37437)

Source: XF
Type: UNKNOWN
realplayer-ram-bo(37437)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9100

Source: CCN
Type: ZDI-07-063
RealPlayer RA Field Size File Processing Heap Oveflow Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/a:realnetworks:realone_player:*:*:mac:en:*:*:*:*
  • OR cpe:/a:realnetworks:realone_player:1.0:*:windows:en:*:*:*:*
  • OR cpe:/a:realnetworks:realone_player:2.0:*:windows:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.0:*:windows:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.0:10.0.0.305:mac:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.0:10.0.0.331:mac:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.0:10.0.0.352:mac:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.0:10.0.5:linux:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.0:10.0.6:linux:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.0:10.0.7:linux:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.0:10.0.8:linux:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.0:10.0.9:linux:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.1:10.0.0.396:mac:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.1:10.0.0.412:mac:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.1:10.0.0._481:mac:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.5:6.0.12.1040:windows:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.5:6.0.12.1578:windows:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.5:6.0.12.1698:windows:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.5:6.0.12.1741:windows:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer_enterprise:*:*:windows:en:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:9100
    V
    Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA header.
    2010-09-06
    BACK
    realnetworks realone player *
    realnetworks realone player 1.0
    realnetworks realone player 2.0
    realnetworks realplayer 8.0
    realnetworks realplayer 10.0
    realnetworks realplayer 10.0 10.0.0.305
    realnetworks realplayer 10.0 10.0.0.331
    realnetworks realplayer 10.0 10.0.0.352
    realnetworks realplayer 10.0 10.0.5
    realnetworks realplayer 10.0 10.0.6
    realnetworks realplayer 10.0 10.0.7
    realnetworks realplayer 10.0 10.0.8
    realnetworks realplayer 10.0 10.0.9
    realnetworks realplayer 10.1 10.0.0.396
    realnetworks realplayer 10.1 10.0.0.412
    realnetworks realplayer 10.1 10.0.0._481
    realnetworks realplayer 10.5 6.0.12.1040
    realnetworks realplayer 10.5 6.0.12.1578
    realnetworks realplayer 10.5 6.0.12.1698
    realnetworks realplayer 10.5 6.0.12.1741
    realnetworks realplayer enterprise *