Vulnerability/
CVE-2005-2922

9.3

CWE

119

31/12/2005

23/3/2006

7/8/2024

CVE-2005-2922: Buffer Overflow

First published: Sat Dec 31 2005(Updated: )

Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Realnetworks Helix Player	=10.0
Realnetworks Helix Player	=10.0.1
Realnetworks Helix Player	=10.0.2
Realnetworks Helix Player	=10.0.3
Realnetworks Helix Player	=10.0.4
Realnetworks Helix Player	=10.0.5
Realnetworks Helix Player	=10.0.6
Realnetworks Realone Player
Realnetworks Realone Player	=0.288
Realnetworks Realone Player	=0.297
Realnetworks Realone Player	=1.0
Realnetworks Realone Player	=2.0
Realnetworks Realplayer
Realnetworks Realplayer	=8.0
Realnetworks Realplayer	=10.0
Realnetworks Realplayer	=10.0.0.305
Realnetworks Realplayer	=10.0.0.331
Realnetworks Realplayer	=10.0.1
Realnetworks Realplayer	=10.0.2
Realnetworks Realplayer	=10.0.3
Realnetworks Realplayer	=10.0.4
Realnetworks Realplayer	=10.0.5
Realnetworks Realplayer	=10.0.6
Realnetworks Realplayer	=10.5
Realnetworks Realplayer	=10.5_6.0.12.1040
Realnetworks Realplayer	=10.5_6.0.12.1053
Realnetworks Realplayer	=10.5_6.0.12.1056
Realnetworks Realplayer	=10.5_6.0.12.1059
Realnetworks Realplayer	=10.5_6.0.12.1069
Realnetworks Realplayer	=10.5_6.0.12.1235
Realnetworks Rhapsody	=3.0
Realnetworks Rhapsody	=3.0_build_0.815

Remedy

http://secunia.com/advisories/19365

Remedy

http://www.kb.cert.org/vuls/id/172489

Remedy

http://www.novell.com/linux/security/advisories/2006_18_realplayer.html

Remedy

http://www.redhat.com/support/errata/RHSA-2005-762.html

Remedy

http://www.redhat.com/support/errata/RHSA-2005-788.html

Remedy

http://www.service.real.com/realplayer/security/03162006_player/en/

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Example email

Reference Links

collector/nvd-index
collector/nvd-historical
vendor/realnetworks
product/helix player
canonical/realnetworks helix player
product/realplayer
canonical/realnetworks realplayer
product/realone player
canonical/realnetworks realone player
product/rhapsody
canonical/realnetworks rhapsody
agent/severity
agent/author
agent/type
agent/event
agent/references
agent/weakness
agent/description
agent/remedy
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/mitre-cve
source/MITRE
version/realnetworks helix player/10.0
version/realnetworks helix player/10.0.1
version/realnetworks helix player/10.0.2
version/realnetworks helix player/10.0.3
version/realnetworks helix player/10.0.4
version/realnetworks helix player/10.0.5
version/realnetworks helix player/10.0.6
version/realnetworks realone player/0.288
version/realnetworks realone player/0.297
version/realnetworks realone player/1.0
version/realnetworks realone player/2.0
version/realnetworks realplayer/8.0
version/realnetworks realplayer/10.0
version/realnetworks realplayer/10.0.0.305
version/realnetworks realplayer/10.0.0.331
version/realnetworks realplayer/10.0.1
version/realnetworks realplayer/10.0.2
version/realnetworks realplayer/10.0.3
version/realnetworks realplayer/10.0.4
version/realnetworks realplayer/10.0.5
version/realnetworks realplayer/10.0.6
version/realnetworks realplayer/10.5
version/realnetworks realplayer/10.5_6.0.12.1040
version/realnetworks realplayer/10.5_6.0.12.1053
version/realnetworks realplayer/10.5_6.0.12.1056
version/realnetworks realplayer/10.5_6.0.12.1059
version/realnetworks realplayer/10.5_6.0.12.1069
version/realnetworks realplayer/10.5_6.0.12.1235
version/realnetworks rhapsody/3.0
version/realnetworks rhapsody/3.0_build_0.815

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203