Lucene search

MitreCVE-2004-1481

HistoryFeb 13, 2005 - 5:00 a.m.

CVE-2004-1481

2005-02-1305:00:00

mitre

web.nvd.nist.gov

cve-2004-1481

realplayer

realone player

integer overflow

remote code execution

smil file

buffer overflow

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

Confidence

High

EPSS

0.26

Percentile

96.7%

JSON

Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a .rm movie file with a large length field for the data chunk, which leads to a heap-based buffer overflow.

Affected configurations

Nvd

Node

realnetworkshelix_playerMatch1.0linux

realnetworksrealone_playerMatch1.0

realnetworksrealone_playerMatch2.0

realnetworksrealone_playerMatch9.0.0.288macos

realnetworksrealone_playerMatch9.0.0.297macos

realnetworksrealplayerMatch-enterprise

realnetworksrealplayerMatch8.0

realnetworksrealplayerMatch8.0mac_os_x

realnetworksrealplayerMatch8.0unix

realnetworksrealplayerMatch10.0

realnetworksrealplayerMatch10.0linux

realnetworksrealplayerMatch10.0de

realnetworksrealplayerMatch10.0en

realnetworksrealplayerMatch10.0ja

realnetworksrealplayerMatch10.0beta

realnetworksrealplayerMatch10.0betamac_os_x

realnetworksrealplayerMatch10.0_6.0.12.690

realnetworksrealplayerMatch10.5

realnetworksrealplayerMatch10.5_6.0.12.1016beta

realnetworksrealplayerMatch10.5_6.0.12.1040

VendorProductVersionCPE
realnetworkshelix_player1.0cpe:2.3:a:realnetworks:helix_player:1.0:*:*:*:*:linux:*:*
realnetworksrealone_player1.0cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*
realnetworksrealone_player2.0cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*
realnetworksrealone_player9.0.0.288cpe:2.3:a:realnetworks:realone_player:9.0.0.288:*:*:*:*:macos:*:*
realnetworksrealone_player9.0.0.297cpe:2.3:a:realnetworks:realone_player:9.0.0.297:*:*:*:*:macos:*:*
realnetworksrealplayer-cpe:2.3:a:realnetworks:realplayer:-:*:*:*:enterprise:*:*:*
realnetworksrealplayer8.0cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*
realnetworksrealplayer8.0cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:mac_os_x:*:*
realnetworksrealplayer8.0cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:unix:*:*
realnetworksrealplayer10.0cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
realnetworks	helix_player	1.0	cpe:2.3:a:realnetworks:helix_player:1.0:::::linux::
realnetworks	realone_player	1.0	cpe:2.3:a:realnetworks:realone_player:1.0:::::::*
realnetworks	realone_player	2.0	cpe:2.3:a:realnetworks:realone_player:2.0:::::::*
realnetworks	realone_player	9.0.0.288	cpe:2.3:a:realnetworks:realone_player:9.0.0.288:::::macos::
realnetworks	realone_player	9.0.0.297	cpe:2.3:a:realnetworks:realone_player:9.0.0.297:::::macos::
realnetworks	realplayer	-	cpe:2.3:a:realnetworks:realplayer:-::::enterprise:::
realnetworks	realplayer	8.0	cpe:2.3:a:realnetworks:realplayer:8.0:::::::*
realnetworks	realplayer	8.0	cpe:2.3:a:realnetworks:realplayer:8.0:::::mac_os_x::
realnetworks	realplayer	8.0	cpe:2.3:a:realnetworks:realplayer:8.0:::::unix::
realnetworks	realplayer	10.0	cpe:2.3:a:realnetworks:realplayer:10.0:::::::*

Rows per page:

1-10 of 201

References

marc.info/?l=ntbugtraq&m=109708374115061&w=2

secunia.com/advisories/12672

www.securityfocus.com/bid/11309

www.service.real.com/help/faq/security/040928_player/EN/

exchange.xforce.ibmcloud.com/vulnerabilities/17549

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

Confidence

High

EPSS

0.26

Percentile

96.7%

JSON

Related for CVE-2004-1481