Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 9.3
CVE Id CVE-2007-5601
Last Modified 07 Mar 2011 12:00:00
Published 20 Oct 2007 04:17:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5601

Summary

Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta, and earlier versions including 10, RealOne Player, and RealOne Player 2, allows remote attackers to execute arbitrary code via certain playlist names, as demonstrated via the import method to the IERPCtl ActiveX control in ierpplug.dll.

Vulnerable Systems

Application

  • RealNetworks RealPlayer 10.0

  • RealNetworks RealPlayer 10.5

  • RealNetworks RealPlayer 11 Beta


References

CERT - TA07-297A

CERT-VN - VU#871673

XF - realplayer-activex-bo(37280)

VUPEN - ADV-2007-3548

MISC - http://www.symantec.com/enterprise/security_response/weblog/2007/10/realplayer_exploit_on_the_loos.html

SECTRACK - 1018843

BID - 26130

MISC - http://www.infosecblog.org/2007/10/nasa-bans-ie.html

CONFIRM - http://service.real.com/realplayer/security/191007_player/en/

SECUNIA - 27248


Last Updated: 27 May 2016 10:46:13