CVE-2007-5601

critical

Description

Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta, and earlier versions including 10, RealOne Player, and RealOne Player 2, allows remote attackers to execute arbitrary code via certain playlist names, as demonstrated via the import method to the IERPCtl ActiveX control in ierpplug.dll.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/37280

http://www.vupen.com/english/advisories/2007/3548

http://www.us-cert.gov/cas/techalerts/TA07-297A.html

http://www.symantec.com/enterprise/security_response/weblog/2007/10/realplayer_exploit_on_the_loos.html

http://www.securitytracker.com/id?1018843

http://www.securityfocus.com/bid/26130

http://www.kb.cert.org/vuls/id/871673

http://www.infosecblog.org/2007/10/nasa-bans-ie.html

http://service.real.com/realplayer/security/191007_player/en/

http://secunia.com/advisories/27248

Details

Source: Mitre, NVD

Published: 2007-10-20

Updated: 2017-07-29

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical