CVE-2007-4599
RealNetworks RealPlayer PLS File Memory Corruption Vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10.5, and RealOne Player 1 and 2, for Windows allows remote attackers to execute arbitrary code via a crafted playlist (PLS) file.
A stack-based buffer overflow in RealNetworks RealPlayer versions 10 and possibly 10.5, and RealOne Player versions 1 and 2, for Windows allows remote attackers to execute arbitrary code via a crafted playlist (PLS) file.
This vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must open a malicious .pls file or visit a malicious web site.
The specific flaw exists during the parsing of corrupted playlist files. Malicious corruption causes RealPlayer to call into a static heap address, which can be leveraged by an attacker, resulting in arbitrary code execution under the context of the logged-in user.
SSVC
- Decision:-
Timeline
- 2007-08-30 CVE Reserved
- 2007-10-31 CVE Published
- 2024-08-07 CVE Updated
- 2024-10-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
References (10)
URL | Tag | Source |
---|---|---|
http://osvdb.org/38341 | Vdb Entry | |
http://securitytracker.com/id?1018866 | Vdb Entry | |
http://www.attrition.org/pipermail/vim/2007-October/001841.html | Mailing List | |
http://www.securityfocus.com/archive/1/483112/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/26214 | Vdb Entry | |
http://www.zerodayinitiative.com/advisories/ZDI-07-062.html | X_refsource_misc | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/37438 | Vdb Entry | |

URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/27361 | 2018-10-15 | |
http://service.real.com/realplayer/security/10252007_player/en | 2018-10-15 | |
http://www.vupen.com/english/advisories/2007/3628 | 2018-10-15 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Realnetworks | Realone Player | 1.0 | windows, en | Affected |
Realnetworks | Realone Player | 2.0 | windows | Affected |
Realnetworks | Realplayer | 10.0 | windows | Affected |
Realnetworks | Realplayer | 10.5 | 6.0.12.1040, windows | Affected |
Realnetworks | Realplayer | 10.5 | 6.0.12.1578, windows | Affected |
Realnetworks | Realplayer | 10.5 | 6.0.12.1698, windows | Affected |
Realnetworks | Realplayer | 10.5 | 6.0.12.1741, windows | Affected |