CVE-2007-2263

Sažetak

Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF (Flash) file with malformed record headers.

Reference

http://osvdb.org/38344
http://secunia.com/advisories/27361
http://service.real.com/realplayer/security/10252007_player/en/
http://www.attrition.org/pipermail/vim/2007-October/001841.html
http://www.securityfocus.com/archive/1/483110/100/0/threaded
http://www.securityfocus.com/bid/26214
http://www.securityfocus.com/bid/26284
http://www.securitytracker.com/id?1018866
http://www.vupen.com/english/advisories/2007/3628
http://www.zerodayinitiative.com/advisories/ZDI-07-061.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/37436
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11432

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

16-10-2018 - 16:42

Objavljeno

31-10-2007 - 17:46