CVE-2004-1481

Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a .rm movie file with a large length field for the data chunk, which leads to a heap-based buffer overflow.

CVSS v2.0 5.1 MEDIUM

5.1^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=ntbugtraq&m=109708374115061&w=2	Mailing List Third Party Advisory
http://secunia.com/advisories/12672	Third Party Advisory
http://www.securityfocus.com/bid/11309	Patch Third Party Advisory VDB Entry
http://www.service.real.com/help/faq/security/040928_player/EN/	Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/17549	Third Party Advisory VDB Entry
http://marc.info/?l=ntbugtraq&m=109708374115061&w=2	Mailing List Third Party Advisory
http://secunia.com/advisories/12672	Third Party Advisory
http://www.securityfocus.com/bid/11309	Patch Third Party Advisory VDB Entry
http://www.service.real.com/help/faq/security/040928_player/EN/	Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/17549	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:realnetworks:helix_player:1.0:::::linux::
	cpe:2.3:a:realnetworks:realone_player:1.0:::::::*
	cpe:2.3:a:realnetworks:realone_player:2.0:::::::*
	cpe:2.3:a:realnetworks:realone_player:9.0.0.288:::::macos::
	cpe:2.3:a:realnetworks:realone_player:9.0.0.297:::::macos::
	cpe:2.3:a:realnetworks:realplayer:-::::enterprise:::
	cpe:2.3:a:realnetworks:realplayer:8.0:::::::*
	cpe:2.3:a:realnetworks:realplayer:8.0:::::mac_os_x::
	cpe:2.3:a:realnetworks:realplayer:8.0:::::unix::
	cpe:2.3:a:realnetworks:realplayer:10.0:::::::*
	cpe:2.3:a:realnetworks:realplayer:10.0:::::linux::
	cpe:2.3:a:realnetworks:realplayer:10.0:::de::::
	cpe:2.3:a:realnetworks:realplayer:10.0:::en::::
	cpe:2.3:a:realnetworks:realplayer:10.0:::ja::::
	cpe:2.3:a:realnetworks:realplayer:10.0:beta::::::
	cpe:2.3:a:realnetworks:realplayer:10.0:beta::::mac_os_x::*
	cpe:2.3:a:realnetworks:realplayer:10.0_6.0.12.690:::::::*
	cpe:2.3:a:realnetworks:realplayer:10.5:::::::*
	cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1016:beta::::::
	cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:::::::*

History

20 Nov 2024, 23:50

Type	Values Removed	Values Added
References	~~() http://marc.info/?l=ntbugtraq&m=109708374115061&w=2 - Mailing List, Third Party Advisory~~	() http://marc.info/?l=ntbugtraq&m=109708374115061&w=2 - Mailing List, Third Party Advisory
References	~~() http://secunia.com/advisories/12672 - Third Party Advisory~~	() http://secunia.com/advisories/12672 - Third Party Advisory
References	~~() http://www.securityfocus.com/bid/11309 - Patch, Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/11309 - Patch, Third Party Advisory, VDB Entry
References	~~() http://www.service.real.com/help/faq/security/040928_player/EN/ - Broken Link~~	() http://www.service.real.com/help/faq/security/040928_player/EN/ - Broken Link
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/17549 - Third Party Advisory, VDB Entry~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/17549 - Third Party Advisory, VDB Entry

11 Aug 2021, 14:19

Type	Values Removed	Values Added
CPE	cpe:2.3:a:realnetworks:realone_player:9.0.0.288:::::mac_os_x:: cpe:2.3:a:realnetworks:realone_player:9.0.0.297:::::mac_os_x::	cpe:2.3:a:realnetworks:realone_player:9.0.0.288:::::macos:: cpe:2.3:a:realnetworks:realone_player:9.0.0.297:::::macos::

Information

Published : 2004-12-31 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2004-1481

Mitre link : CVE-2004-1481

CVE.ORG link : CVE-2004-1481

JSON object : View

Products Affected

realnetworks

realplayer
realone_player
helix_player

CWE

NVD-CWE-Other

5.1 /10