| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.7 | $0-$5k | 0.00 |
Summary
A vulnerability was found in RealNetworks RealPlayer. It has been rated as critical. This vulnerability affects unknown code. The manipulation leads to memory corruption. The attack is possible to be carried out remotely. Moreover, an exploit is present. To fix this issue, it is recommended to deploy a patch.
Details
A vulnerability was found in RealNetworks RealPlayer (Multimedia Player Software) (version unknown) and classified as critical. This issue affects an unknown function. The manipulation with an unknown input leads to a memory corruption vulnerability. Using CWE to declare the problem leads to CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Impacted is confidentiality, integrity, and availability.
The weakness was disclosed 06/10/2004 by Karl Lynn with eEye (Website). It is possible to read the advisory at eeye.com. The attack may be initiated remotely. Technical details are unknown but an exploit is available.
The exploit is available at eeye.com. It is declared as proof-of-concept. We expect the 0-day to have been worth approximately $5k-$25k.
Applying a patch is able to eliminate this problem. The bugfix is ready for download at service.real.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (16388), SecurityFocus (BID 10520†), OSVDB (6851†) and Secunia (SA11422†). securityfocus.com is providing further details. The entries VDB-708 and VDB-861 are pretty similar. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Vendor
Name
License
Website
- Vendor: https://www.realnetworks.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.3VulDB Meta Temp Score: 5.7
VulDB Base Score: 6.3
VulDB Temp Score: 5.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Proof-of-Concept
Download: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: service.real.com
Timeline
06/10/2004 🔍06/10/2004 🔍
06/11/2004 🔍
06/11/2004 🔍
06/15/2004 🔍
06/28/2019 🔍
Sources
Vendor: realnetworks.comAdvisory: eeye.com
Researcher: Karl Lynn
Organization: eEye
Status: Not defined
GCVE (VulDB): GCVE-100-707
X-Force: 16388
SecurityFocus: 10520 - RealNetwork RealPlayer Media File Heap Overflow Vulnerabilities
Secunia: 11422 - RealPlayer Multiple Buffer Overflow Vulnerabilities, Highly Critical
OSVDB: 6851 - RealPlayer embd3260.dll URL Parsing Overflow
SecuriTeam: securiteam.com
Misc.: 🔍
See also: 🔍
Entry
Created: 06/15/2004 11:42Updated: 06/28/2019 17:07
Changes: 06/15/2004 11:42 (63), 06/28/2019 17:07 (2)
Complete: 🔍
Cache ID: 216:89A:103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.