Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0323

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2006-0323
Last Modified 07 Mar 2011 09:29:47
Published 23 Mar 2006 06:06:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-0323

Summary

Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a a size value that is less than the actual size, or (2) other unspecified manipulations.

Vulnerable Systems

Application

  • Realnetworks Helix Player

  • Realnetworks Realone Player

  • Realnetworks Realplayer 10.0

  • Realnetworks Realplayer 10.0.6

  • Realnetworks Realplayer 10.5

  • Realnetworks Rhapsody 3


References

CERT-VN - VU#231028

CONFIRM - http://www.service.real.com/realplayer/security/03162006_player/en/

REDHAT - RHSA-2006:0257

SUSE - SUSE-SA:2006:018

GENTOO - GLSA-200603-24

SECUNIA - 19365

SECUNIA - 19362

XF - realnetworks-swf-bo(25408)

VUPEN - ADV-2006-1057

BID - 17202

BUGTRAQ - 20060411 Realplayer .SWF Multiple Remote Memory Corruption Vulnerabilities

SECTRACK - 1015806

SREASON - 690

SECUNIA - 19390

SECUNIA - 19358


Last Updated: 27 May 2016 10:41:36