CVE-2007-5601
RealPlayer - 'ierpplug.dll' ActiveX Control Playlist Name Buffer Overflow
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta, and earlier versions including 10, RealOne Player, and RealOne Player 2, allows remote attackers to execute arbitrary code via certain playlist names, as demonstrated via the import method to the IERPCtl ActiveX control in ierpplug.dll.
Un desbordamiento de búfer en la región stack de la memoria en el Database Component en la biblioteca MPAMedia.dll en RealNetworks RealPlayer versiones 10.5 y 11 beta, y anteriores, incluyendo versión 10, RealOne Player y RealOne Player versión 2, permite a atacantes remotos ejecutar código arbitrario por medio de ciertos nombres de lista de reproducción, como es demostrado por medio del método import en el control ActiveX IERPCtl en la biblioteca ierpplug.dl.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-10-18 First Exploit
- 2007-10-20 CVE Reserved
- 2007-10-20 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-23 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://service.real.com/realplayer/security/191007_player/en | X_refsource_confirm | |
| http://www.infosecblog.org/2007/10/nasa-bans-ie.html | X_refsource_misc | |
| http://www.kb.cert.org/vuls/id/871673 | Third Party Advisory |
|
| http://www.securityfocus.com/bid/26130 | Vdb Entry | |
| http://www.securitytracker.com/id?1018843 | Vdb Entry | |
| http://www.symantec.com/enterprise/security_response/weblog/2007/10/realplayer_exploit_on_the_loos.html | X_refsource_misc | |
| http://www.us-cert.gov/cas/techalerts/TA07-297A.html | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/37280 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/16497 | 2010-05-09 | |
| https://www.exploit-db.com/exploits/30692 | 2007-10-18 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/27248 | 2017-07-29 | |
| http://www.vupen.com/english/advisories/2007/3548 | 2017-07-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 10.0 Search vendor "Realnetworks" for product "Realplayer" and version "10.0" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 10.5 Search vendor "Realnetworks" for product "Realplayer" and version "10.5" | - |
Affected
| ||||||
| Realnetworks Search vendor "Realnetworks" | Realplayer Search vendor "Realnetworks" for product "Realplayer" | 11_beta Search vendor "Realnetworks" for product "Realplayer" and version "11_beta" | - |
Affected
| ||||||