CVE-2002-1321

Severity Score

7.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via (1) a Synchronized Multimedia Integration Language (SMIL) file with a long parameter, (2) a long long filename in a rtsp:// request, e.g. from a .m3u file, or (3) certain "Now Playing" options on a downloaded file with a long filename.

Mültiples desbordamientos de búfer en RealOne y RealPlayer permite a atacantes remotos ejecutar código arbitrario mediante

un fichero de Lenguaje de Integración Multimedia Sincronizada (SMIL) con un parámetro largo.
un nombre de fichero largo en una petición rtsp://, por ejemplo un fichero. m3u, o
Ciertas opciones "Now Playing" (Reproduciendo Ahora) en un fichero descargado con un nombre de fichero largo.

*Credits: N/A

CVSS Scores

NISTv2 7.5

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2002-11-26 CVE Reserved
2002-11-27 CVE Published
2023-03-07 EPSS Updated
2024-08-08 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (5)

URL	Tag	Source
http://marc.info/?l=bugtraq&m=103808645120764&w=2	Mailing List
http://service.real.com/help/faq/security/bufferoverrun_player.html	X_refsource_confirm
http://www.securityfocus.com/bid/6227	Vdb Entry
http://www.securityfocus.com/bid/6229	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/10677	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Realnetworks Search vendor "Realnetworks"		Realone Player Search vendor "Realnetworks" for product "Realone Player"				2.0 Search vendor "Realnetworks" for product "Realone Player" and version "2.0"		-		Affected
Realnetworks Search vendor "Realnetworks"		Realplayer Search vendor "Realnetworks" for product "Realplayer"				*		g2		Affected
Realnetworks Search vendor "Realnetworks"		Realplayer Search vendor "Realnetworks" for product "Realplayer"				6.0 Search vendor "Realnetworks" for product "Realplayer" and version "6.0"		win32		Affected
Realnetworks Search vendor "Realnetworks"		Realplayer Search vendor "Realnetworks" for product "Realplayer"				7.0 Search vendor "Realnetworks" for product "Realplayer" and version "7.0"		win32		Affected
Realnetworks Search vendor "Realnetworks"		Realplayer Search vendor "Realnetworks" for product "Realplayer"				8.0 Search vendor "Realnetworks" for product "Realplayer" and version "8.0"		win32		Affected