Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2936

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2005-2936
Last Modified 19 May 2011 12:00:00
Published 18 Nov 2005 01:03:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-2936

Summary

Unquoted Windows search path vulnerability in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, and RealPlayer 8 before 20060322 might allow local users to gain privileges via a malicious C:\program.exe file.

Vulnerable Systems

Application

  • Realnetworks Realone Player 1.0

  • Realnetworks Realone Player 2.0

  • Realnetworks Realplayer 10.0

  • Realnetworks Realplayer 10.5 6.0.12.1040

  • Realnetworks Realplayer 10.5 6.0.12.1348

  • Realnetworks Realplayer 8.0


References

VUPEN - ADV-2006-1057

CONFIRM - http://www.service.real.com/realplayer/security/03162006_player/en/

BID - 15448

IDEFENSE - 20051115 Multiple Vendor Insecure Call to CreateProcess() Vulnerability

CONFIRM - http://service.real.com/help/faq/security/security111605.html

SECTRACK - 1015223

SECUNIA - 19358


Last Updated: 27 May 2016 10:40:40