Vulnerability Details CVE-2007-2263
Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF (Flash) file with malformed record headers.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.1
EPSS Ranking 92.7%
CVSS Severity
CVSS v2 Score 9.3
References
- http://osvdb.org/38344
- http://secunia.com/advisories/27361
- http://service.real.com/realplayer/security/10252007_player/en/
- http://www.attrition.org/pipermail/vim/2007-October/001841.html
- http://www.securityfocus.com/archive/1/483110/100/0/threaded
- http://www.securityfocus.com/bid/26214
- http://www.securityfocus.com/bid/26284
- http://www.securitytracker.com/id?1018866
- http://www.vupen.com/english/advisories/2007/3628
- http://www.zerodayinitiative.com/advisories/ZDI-07-061.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37436
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11432
- http://osvdb.org/38344
- http://secunia.com/advisories/27361
- http://service.real.com/realplayer/security/10252007_player/en/
- http://www.attrition.org/pipermail/vim/2007-October/001841.html
- http://www.securityfocus.com/archive/1/483110/100/0/threaded
- http://www.securityfocus.com/bid/26214
- http://www.securityfocus.com/bid/26284
- http://www.securitytracker.com/id?1018866
- http://www.vupen.com/english/advisories/2007/3628
- http://www.zerodayinitiative.com/advisories/ZDI-07-061.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37436
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11432
Products affected by CVE-2007-2263
-
cpe:2.3:a:realnetworks:realone_player:*
-
cpe:2.3:a:realnetworks:realone_player:2.0
-
cpe:2.3:a:realnetworks:realplayer:10.0
-
cpe:2.3:a:realnetworks:realplayer:10.1
-
cpe:2.3:a:realnetworks:realplayer:10.5
-
cpe:2.3:a:realnetworks:realplayer_enterprise:*