CVE-2005-0455

2005-05-0204:00:00

mitre

web.nvd.nist.gov

cve-2005-0455

realnetworks

realplayer

buffer overflow

remote code execution

smlparse

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.463

Percentile

97.5%

JSON

Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed function in smlparse.cpp for RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1 allows remote attackers to execute arbitrary code via a .SMIL file with a large system-screen-size value.

Affected configurations

Nvd

Node

realnetworksrealone_playerMatch1.0

realnetworksrealone_playerMatch2.0

realnetworksrealplayerMatch8.0

realnetworksrealplayerMatch8.0win32

realnetworksrealplayerMatch10.0

realnetworksrealplayerMatch10.0_6.0.12.690

realnetworksrealplayerMatch10.0_beta

realnetworksrealplayerMatch10.5

realnetworksrealplayerMatch10.5_6.0.12.1016_beta

realnetworksrealplayerMatch10.5_6.0.12.1040

realnetworksrealplayerMatch10.5_6.0.12.1053

VendorProductVersionCPE
realnetworksrealone_player1.0cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*
realnetworksrealone_player2.0cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*
realnetworksrealplayer8.0cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*
realnetworksrealplayer8.0cpe:2.3:a:realnetworks:realplayer:8.0:*:win32:*:*:*:*:*
realnetworksrealplayer10.0cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*
realnetworksrealplayer10.0_6.0.12.690cpe:2.3:a:realnetworks:realplayer:10.0_6.0.12.690:*:*:*:*:*:*:*
realnetworksrealplayer10.0_betacpe:2.3:a:realnetworks:realplayer:10.0_beta:*:*:*:*:*:*:*
realnetworksrealplayer10.5cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*
realnetworksrealplayer10.5_6.0.12.1016_betacpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1016_beta:*:*:*:*:*:*:*
realnetworksrealplayer10.5_6.0.12.1040cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
realnetworks	realone_player	1.0	cpe:2.3:a:realnetworks:realone_player:1.0:::::::*
realnetworks	realone_player	2.0	cpe:2.3:a:realnetworks:realone_player:2.0:::::::*
realnetworks	realplayer	8.0	cpe:2.3:a:realnetworks:realplayer:8.0:::::::*
realnetworks	realplayer	8.0	cpe:2.3:a:realnetworks:realplayer:8.0::win32:::::
realnetworks	realplayer	10.0	cpe:2.3:a:realnetworks:realplayer:10.0:::::::*
realnetworks	realplayer	10.0_6.0.12.690	cpe:2.3:a:realnetworks:realplayer:10.0_6.0.12.690:::::::*
realnetworks	realplayer	10.0_beta	cpe:2.3:a:realnetworks:realplayer:10.0_beta:::::::*
realnetworks	realplayer	10.5	cpe:2.3:a:realnetworks:realplayer:10.5:::::::*
realnetworks	realplayer	10.5_6.0.12.1016_beta	cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1016_beta:::::::*
realnetworks	realplayer	10.5_6.0.12.1040	cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:::::::*