Vulnerabilities > CVE-2004-0550 - Remote Security vulnerability in Realnetworks Realplayer 10.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
realnetworks
nessus

Summary

Buffer overflow in Real Networks RealPlayer 10 allows remote attackers to execute arbitrary code via a URL with a large number of "." (period) characters.

Vulnerable Configurations

Part Description Count
Application
Realnetworks
1

Nessus

  • NASL family: Windows
    NASL id: REALPLAYER_6011.NASL
    description: According to its build number, the installed version of RealPlayer on the remote host is vulnerable to several overflows. In exploiting these flaws, an attacker would need to be able to coerce a local user into visiting a malicious URL or downloading a malicious media file which, on execution, would execute code with the privileges of the local user.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14278
    published: 2004-08-16
    reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14278
    title: RealPlayer Multiple Remote Overflows
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass: when 'description' is set, the script only declares
    # its metadata through the script_* calls below and then exits, so the
    # detection logic further down is not reached in this pass.
    if (description)
    {
     script_id(14278);
     script_version("1.21");
     script_cvs_date("Date: 2018/11/15 20:50:28");
    
     # One CVE is mapped here, but three Bugtraq IDs are listed and the
     # plugin title speaks of multiple overflows: a finding from this
     # plugin is not specific to CVE-2004-0550.
     script_cve_id("CVE-2004-0550");
     script_bugtraq_id(10527, 10528, 10934);
    
     script_name(english:"RealPlayer Multiple Remote Overflows");
     script_summary(english:"Checks RealPlayer build number");
    
     script_set_attribute(attribute:"synopsis", value:
    "The remote Windows application is affected by several remote
    overflows.");
     script_set_attribute(attribute:"description", value:
    "According to its build number, the installed version of RealPlayer on
    the remote host is vulnerable to several overflows.  In exploiting
    these flaws, an attacker would need to be able to coerce a local user
    into visiting a malicious URL or downloading a malicious media file
    which, on execution, would execute code with the privileges of the
    local user.");
     script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/365709/2004-06-07/2004-06-13/0");
     script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4a2e2a79");
     script_set_attribute(attribute:"see_also", value:"http://service.real.com/help/faq/security/040610_player/EN/");
     script_set_attribute(attribute:"see_also", value:"http://www.eeye.com/html/research/upcoming/20040811.html");
     script_set_attribute(attribute:"solution", value:
    "Install the updates as outlined in the vendor advisory.");
     # Base vector: network, medium complexity, no authentication, complete
     # C/I/A impact. This differs from the low-complexity, partial-impact
     # rating listed for CVE-2004-0550 at the top of this page.
     # NOTE(review): presumably it rates the plugin's combined overflows;
     # confirm before using it to prioritise this CVE alone.
     script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
     # Temporal vector: exploitability unproven, official fix available,
     # report confirmed.
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
    
     # Vulnerability and patch dates are identical (2004/06/10); the plugin
     # itself was published about two months later.
     script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/16");
     script_set_attribute(attribute:"vuln_publication_date", value:"2004/06/10");
     script_set_attribute(attribute:"patch_publication_date", value:"2004/06/10");
    
     # Declared as a "local" check: per the summary above, the verdict is
     # derived from the recorded build number.
     script_set_attribute(attribute:"plugin_type", value:"local");
     script_set_attribute(attribute:"cpe", value:"cpe:/a:realnetworks:realplayer");
     script_end_attributes();
     
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
     script_family(english:"Windows");
    
     # Both KB keys must exist for the check to run; presumably they are
     # populated by realplayer_detect.nasl - confirm against that plugin.
     script_dependencies("realplayer_detect.nasl");
     script_require_keys("SMB/RealPlayer/Product", "SMB/RealPlayer/Build");
     exit(0);
    }
    
    
    include("global_settings.inc");
    
    
    # Scope: only an install whose product name is exactly "RealPlayer" is
    # assessed.
    # nb: RealOne Player and RealPlayer Enterprise are also affected, but
    #     the build numbers that address the issues are not known for
    #     them, so such installs exit here without a finding and have to
    #     be checked against the vendor advisory by other means.
    prod = get_kb_item("SMB/RealPlayer/Product");
    if (!prod || prod != "RealPlayer") exit(0);

    # The verdict is inferred from the build string stored in the KB;
    # this script only reads KB items and reports.
    build = get_kb_item("SMB/RealPlayer/Build");
    if (!build) exit(0);

    parts = split(build, sep:'.', keep:FALSE);
    major  = int(parts[0]);
    minor  = int(parts[1]);
    branch = int(parts[2]);
    rev    = int(parts[3]);

    # Every flagged build lives under 6.0.x.y.
    if (major != 6 || minor != 0) exit(0);

    # Flagged builds: 6.0.10.505, and 6.0.11.818 through 6.0.11.872.
    # Any build outside this table is treated as not affected.
    # NOTE(review): confirm the table against the vendor advisory.
    affected = FALSE;
    if (branch == 10 && rev == 505) affected = TRUE;
    else if (branch == 11 && rev >= 818 && rev <= 872) affected = TRUE;
    if (!affected) exit(0);

    # The finding is attached to the SMB transport port recorded in the KB.
    port = get_kb_item("SMB/transport");
    if (!report_verbosity) security_hole(port);
    else
    {
      # Name the product and exact build so the finding can be verified
      # on the host.
      report = string("\n", prod, " build ", build, " is installed on the remote host.\n");
      security_hole(port:port, extra:report);
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2005-299.NASL
    description: Updated realplayer packages that fix a number of security issues are now available for Red Hat Enterprise Linux 3 Extras. This update has been rated as having important security impact by the Red Hat Security Response Team. The realplayer package contains RealPlayer, a media format player. A number of security issues have been discovered in RealPlayer 8 of which a subset are believed to affect the Linux version as shipped with Red Hat Enterprise Linux 3 Extras. RealPlayer 8 is no longer supported by RealNetworks. Users of RealPlayer are advised to upgrade to this erratum package which contains RealPlayer 10.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 17590
    published: 2005-03-21
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/17590
    title: RHEL 3 : realplayer (RHSA-2005:299)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2005:299. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass: when 'description' is set, the script only declares
    # its metadata through the script_* calls below and then exits, so the
    # package check further down is not reached in this pass.
    if (description)
    {
      script_id(17590);
      script_version ("1.17");
      script_cvs_date("Date: 2019/10/25 13:36:11");
    
      # Six CVEs are covered by this single package check; CVE-2004-0550 is
      # only one of them, so a finding does not single it out.
      script_cve_id("CVE-2004-0387", "CVE-2004-0550", "CVE-2005-0189", "CVE-2005-0191", "CVE-2005-0455", "CVE-2005-0611");
      script_xref(name:"RHSA", value:"2005:299");
    
      script_name(english:"RHEL 3 : realplayer (RHSA-2005:299)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated realplayer packages that fix a number of security issues are
    now available for Red Hat Enterprise Linux 3 Extras.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The realplayer package contains RealPlayer, a media format player.
    
    A number of security issues have been discovered in RealPlayer 8 of
    which a subset are believed to affect the Linux version as shipped
    with Red Hat Enterprise Linux 3 Extras. RealPlayer 8 is no longer
    supported by RealNetworks.
    
    Users of RealPlayer are advised to upgrade to this erratum package
    which contains RealPlayer 10."
      );
      # One reference per CVE listed above, followed by the erratum itself.
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2004-0387.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2004-0550.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2005-0189.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2005-0191.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2005-0455.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2005-0611.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://rhn.redhat.com/errata/RHSA-2005-299.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected realplayer package."
      );
      # Base vector: network, low complexity, no authentication, partial
      # C/I/A - the same rating shown for CVE-2004-0550 at the top of this
      # page.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      # The exploit attributes below are set once for the whole plugin.
      # NOTE(review): nothing here says which of the six CVEs the Metasploit
      # module or the malware flag refers to; do not read them as applying
      # to CVE-2004-0550 specifically without checking.
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'RealNetworks RealPlayer SMIL Buffer Overflow');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      # Declared as a "local" check: per the summary above, the verdict is
      # derived from rpm output.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:realplayer");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/03/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      # The check needs local checks enabled plus the release string and the
      # RPM list in the KB; presumably ssh_get_info.nasl collects them -
      # confirm against that plugin.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Preconditions, in order: local checks enabled, a Red Hat release
    # string, a collected RPM list, and a known CPU architecture. Each
    # failure is reported through audit() instead of a finding.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$" || "s390" >< cpu))
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

    # One package comparison decides the result: the RHEL3 i386 realplayer
    # package against reference realplayer-10.0.3-1.rhel3. This is a
    # package-version check for the whole erratum, not a test of any
    # individual CVE.
    # NOTE(review): rpm_check() comes from rpm.inc; presumably it is true
    # when the installed package is older than the reference - confirm.
    outdated = rpm_check(release:"RHEL3", cpu:"i386", reference:"realplayer-10.0.3-1.rhel3");

    if (!outdated) audit(AUDIT_HOST_NOT, "affected");
    else
    {
      # Verbose runs attach the accumulated RPM report to the finding.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }