Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3677

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-3677
Last Modified 05 Sep 2008 04:55:00
Published 18 Nov 2005 06:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3677

Summary

Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote attackers to execute arbitrary code via a crafted image in a RealPlayer Skin (RJS) file. NOTE: due to the lack of details, it is unclear how this is different than CVE-2005-2629 and CVE-2005-2630, but the vendor advisory implies that it is different.

Vulnerable Systems

Application

  • Realnetworks Realplayer 10.0

  • Realnetworks Realplayer 10.5 6.0.12.1040

  • Realnetworks Realplayer 10.5 6.0.12.1053

  • Realnetworks Realplayer 10.5 6.0.12.1056

  • Realnetworks Realplayer 10.5 6.0.12.1059

  • Realnetworks Realplayer 10.5 6.0.12.1069

  • Realnetworks Realplayer 10.5 6.0.12.1235


References

BID - 15398

CONFIRM - http://service.real.com/help/faq/security/051110_player/EN/

SECUNIA - 17514

BUGTRAQ - 20051111 High Risk Flaw in RealPlayer


Last Updated: 27 May 2016 10:41:00