Published: 27/09/2005 Updated: 11/10/2017

CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9

VMScore: 515

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote malicious users to execute arbitrary code via the (1) image handle or (2) timeformat attribute in a RealPix (.rp) or RealText (.rt) file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
realnetworks helix player
realnetworks realplayer 10.0

Synopsis RealPlayer security update Type/Severity Security Advisory: Critical Topic An updated RealPlayer package that fixes a format string bug is now availableThis update has been rated as having critical security impact by the Red HatSecurity Response Team Description RealPlayer is a m ...

Synopsis HelixPlayer security update Type/Severity Security Advisory: Critical Topic An updated HelixPlayer package that fixes a string format issue is nowavailableThis update has been rated as having critical security impact by the RedHat Security Response Team Description HelixPlayer is ...

Multiple security vulnerabilities have been identified in the helix-player media player that could allow an attacker to execute code on the victim's machine via specially crafted network resources CAN-2005-1766 Buffer overflow in the RealText parser could allow remote code execution via a specially crafted RealMedia file with a lo ...

/* ***************************************************************************************************************** $ An open security advisory #13 - RealPlayer and Helix Player Remote Format String Exploit ***************************************************************************************************************** 1: Bug Researcher: ...

NVD-CWE-Other http://www.open-security.org/advisories/13 http://www.redhat.com/support/errata/RHSA-2005-788.html http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168078 http://www.debian.org/security/2005/dsa-826 http://www.idefense.com/application/poi/display?id=311&type=vulnerabilities http://www.gentoo.org/security/en/glsa/glsa-200510-07.xml http://www.kb.cert.org/vuls/id/361181 http://secunia.com/advisories/16981 http://www.novell.com/linux/security/advisories/2005_59_RealPlayer.html http://secunia.com/advisories/16954 http://secunia.com/advisories/16961 http://secunia.com/advisories/17116 http://secunia.com/advisories/17127 http://www.redhat.com/support/errata/RHSA-2005-762.html http://securityreason.com/securityalert/27 http://securityreason.com/securityalert/41 http://marc.info/?l=bugtraq&m=112785544325326&w=2 http://marc.info/?l=full-disclosure&m=112775929608219&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11015 https://access.redhat.com/errata/RHSA-2005:762 https://nvd.nist.gov https://www.exploit-db.com/exploits/1232/https://www.kb.cert.org/vuls/id/361181

CVE-2005-2710

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect