Published: 26/06/2007 Updated: 11/10/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 up to and including 10.0.8, allows remote malicious users to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value.

Vulnerable Product	Search on Vulmon	Subscribe to Product
realnetworks helix player 10.0.5
realnetworks realplayer 10.5
realnetworks realplayer enterprise
realnetworks helix player 10.0.6
realnetworks helix player 10.0.7
realnetworks realplayer 10.0
realnetworks realplayer 10.1
realnetworks helix player 10.0.8
realnetworks helix player 10.5-gold
realnetworks realone player

<smil xmlns="wwww3org/2000/SMIL20/CR/Language"> <body> <par> <img src="/1jpg" begin="wallclock(12:00:00999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999+9)" dur=" ...

CWE-119 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547 http://service.real.com/realplayer/security/10252007_player/en/http://security.gentoo.org/glsa/glsa-200709-05.xml http://www.redhat.com/support/errata/RHSA-2007-0605.html http://www.redhat.com/support/errata/RHSA-2007-0841.html http://www.kb.cert.org/vuls/id/770904 http://www.attrition.org/pipermail/vim/2007-October/001841.html http://www.securityfocus.com/bid/24658 http://securitytracker.com/id?1018297 http://securitytracker.com/id?1018299 http://secunia.com/advisories/25819 http://secunia.com/advisories/25859 http://secunia.com/advisories/26463 http://secunia.com/advisories/26828 http://secunia.com/advisories/27361 http://osvdb.org/37374 http://www.vupen.com/english/advisories/2007/2339 http://www.vupen.com/english/advisories/2007/3628 http://osvdb.org/38342 https://exchange.xforce.ibmcloud.com/vulnerabilities/35088 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10554 https://nvd.nist.gov https://www.exploit-db.com/exploits/4118/https://www.kb.cert.org/vuls/id/770904

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-3410

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect