CVE-2007-5601: Buffer Overflow
First published: Sat Oct 20 2007(Updated: )
Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta, and earlier versions including 10, RealOne Player, and RealOne Player 2, allows remote attackers to execute arbitrary code via certain playlist names, as demonstrated via the import method to the IERPCtl ActiveX control in ierpplug.dll.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Realnetworks Realplayer | =10.0 | |
| Realnetworks Realplayer | =10.5 | |
| Realnetworks Realplayer | =11_beta |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/27248
- http://service.real.com/realplayer/security/191007_player/en/
- http://www.infosecblog.org/2007/10/nasa-bans-ie.html
- http://www.kb.cert.org/vuls/id/871673
- http://www.securityfocus.com/bid/26130
- http://www.securitytracker.com/id?1018843
- http://www.symantec.com/enterprise/security_response/weblog/2007/10/realplayer_exploit_on_the_loos.html
- http://www.us-cert.gov/cas/techalerts/TA07-297A.html
- http://www.vupen.com/english/advisories/2007/3548
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37280
- collector/nvd-index
- collector/nvd-historical
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/realnetworks
- canonical/realnetworks realplayer
- version/realnetworks realplayer/10.0
- version/realnetworks realplayer/10.5
- version/realnetworks realplayer/11_beta