Vulnerability Name:

CVE-2007-5080 (CCN-37434)

Assigned:2007-10-25
Published:2007-10-25
Updated:2017-07-29
Summary:Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-189
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2007-5080

Source: CCN
Type: SA27361
RealPlayer/RealOne/HelixPlayer Multiple Buffer Overflows

Source: SECUNIA
Type: Patch, Vendor Advisory
27361

Source: CCN
Type: SECTRACK ID: 1018866
RealPlayer Buffer Overflows in Processing MP3, RM, SWF, RAM, and PLS Files Lets Remote Users Execute Arbitrary Code

Source: CONFIRM
Type: Patch
http://service.real.com/realplayer/security/10252007_player/en/

Source: VIM
Type: UNKNOWN
20071030 RealPlayer Updates of October 25, 2007

Source: CCN
Type: US-CERT VU#759385
RealNetworks player "Lyrics3" buffer overflow

Source: CERT-VN
Type: US Government Resource
VU#759385

Source: CCN
Type: NGSSoftware Insight Security Research Advisory NGS00432
High Risk Vulnerability in Real Player (ID3 tags)

Source: MISC
Type: UNKNOWN
http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-real-player-id3-tags/

Source: CCN
Type: OSVDB ID: 38339
RealPlayer MP3 File Lyrics3 2.00 Tag Handling Overflow

Source: BID
Type: UNKNOWN
26214

Source: CCN
Type: BID-26214
RealNetworks RealPlayer File Parsing Routines Multiple Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1018866

Source: CCN
Type: RealNetworks Customer Support - Real Security Updates Web page
RealNetworks, Inc. Releases Update to Address Security Vulnerabilities.

Source: VUPEN
Type: UNKNOWN
ADV-2007-3628

Source: XF
Type: UNKNOWN
realplayer-mp3-id3-bo(37434)

Source: XF
Type: UNKNOWN
realplayer-mp3-bo(37434)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:realnetworks:realone_player:1.0:*:windows:en:*:*:*:*
  • OR cpe:/a:realnetworks:realone_player:2.0:*:windows:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.0:*:windows:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.5:6.0.12.1040:windows:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.5:6.0.12.1578:windows:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.5:6.0.12.1698:windows:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.5:6.0.12.1741:windows:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer_enterprise:*:*:windows:en:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    realnetworks realone player 1.0
    realnetworks realone player 2.0
    realnetworks realplayer 10.0
    realnetworks realplayer 10.5 6.0.12.1040
    realnetworks realplayer 10.5 6.0.12.1578
    realnetworks realplayer 10.5 6.0.12.1698
    realnetworks realplayer 10.5 6.0.12.1741
    realnetworks realplayer enterprise *