Vulnerabilities > CVE-2005-0189 - Buffer Overflow vulnerability in RealNetworks RealOne Player And RealPlayer ShowPreferences Action

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
realnetworks
nessus

Summary

Stack-based buffer overflow in the HandleAction function in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to execute arbitrary code via a long ShowPreferences argument.

Nessus

  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2005-299.NASL
    description: Updated realplayer packages that fix a number of security issues are now available for Red Hat Enterprise Linux 3 Extras. This update has been rated as having important security impact by the Red Hat Security Response Team. The realplayer package contains RealPlayer, a media format player. A number of security issues have been discovered in RealPlayer 8 of which a subset are believed to affect the Linux version as shipped with Red Hat Enterprise Linux 3 Extras. RealPlayer 8 is no longer supported by RealNetworks. Users of RealPlayer are advised to upgrade to this erratum package which contains RealPlayer 10.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 17590
    published: 2005-03-21
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/17590
    title: RHEL 3 : realplayer (RHSA-2005:299)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2005:299. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: the scanner evaluates this block to read the plugin's
    # metadata; the exit(0) that closes the block returns before any host check.
    if (description)
    {
      script_id(17590);
      script_version ("1.17");
      script_cvs_date("Date: 2019/10/25 13:36:11");
    
      # One plugin ID covers six CVEs, so a finding from it does not say which
      # of them applies to the host; it only says the erratum package is missing.
      script_cve_id("CVE-2004-0387", "CVE-2004-0550", "CVE-2005-0189", "CVE-2005-0191", "CVE-2005-0455", "CVE-2005-0611");
      script_xref(name:"RHSA", value:"2005:299");
    
      script_name(english:"RHEL 3 : realplayer (RHSA-2005:299)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      # Advisory text reproduced from RHSA-2005:299.
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated realplayer packages that fix a number of security issues are
    now available for Red Hat Enterprise Linux 3 Extras.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The realplayer package contains RealPlayer, a media format player.
    
    A number of security issues have been discovered in RealPlayer 8 of
    which a subset are believed to affect the Linux version as shipped
    with Red Hat Enterprise Linux 3 Extras. RealPlayer 8 is no longer
    supported by RealNetworks.
    
    Users of RealPlayer are advised to upgrade to this erratum package
    which contains RealPlayer 10."
      );
      # One reference per CVE in the list above, followed by the erratum page.
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2004-0387.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2004-0550.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2005-0189.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2005-0191.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2005-0455.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2005-0611.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://rhn.redhat.com/errata/RHSA-2005-299.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected realplayer package."
      );
      # A single CVSS v2 vector is set for the plugin as a whole, not per CVE.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      # The exploit attributes below are likewise plugin-wide.
      # NOTE(review): the Metasploit module named here is a SMIL overflow, while
      # CVE-2005-0189 is the ShowPreferences overflow, so the module presumably
      # maps to another CVE in the list above; confirm before using these flags
      # to prioritise CVE-2005-0189 on its own.
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'RealNetworks RealPlayer SMIL Buffer Overflow');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:realplayer");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/03/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      # The check reads the release string and RPM list that an earlier plugin
      # stored in the knowledge base, so it needs local (credentialed) checks
      # to be enabled for the host.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Preconditions: local checks enabled, a Red Hat release string, and a
    # collected RPM list. Each failed precondition is reported through audit().
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !("Red Hat" >< release)) audit(AUDIT_OS_NOT, "Red Hat");

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    # Architecture gate: x86_64, i386-i686 and s390 hosts are let through.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$" || "s390" >< cpu)) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

    # Only the RHEL3 i386 package is compared against the fixed version.
    # NOTE(review): hosts of the other admitted architectures have no package
    # comparison of their own here and presumably end at "not affected";
    # confirm against the erratum's package list.
    missing_update = 0;
    if (rpm_check(release:"RHEL3", cpu:"i386", reference:"realplayer-10.0.3-1.rhel3")) missing_update = 1;

    if (!missing_update) audit(AUDIT_HOST_NOT, "affected");
    else
    {
      # The finding covers every CVE registered for this plugin; the RPM
      # report is attached only when verbosity is above zero.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    
  • NASL family: Windows
    NASL id: REALPLAYER_UNDISCLOSED_VULNS.NASL
    description: According to its build number, the installed version of RealPlayer / RealOne Player for Windows may allow an attacker to execute arbitrary code and delete arbitrary files on the remote host.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15395
    published: 2004-10-01
    reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15395
    title: RealPlayer Multiple Remote Vulnerabilities (2004-09-28)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include("compat.inc");
    
    # Registration branch: the scanner evaluates this block to read the plugin's
    # metadata; the exit(0) that closes the block returns before any host check.
    if(description)
    {
     script_id(15395);
     script_version("1.25");
    
     # One plugin ID covers four CVEs, so a finding from it does not say which
     # of them applies to the installed build.
     script_cve_id("CVE-2004-1481", "CVE-2005-0189", "CVE-2005-0190", "CVE-2005-0192");
     script_bugtraq_id(11307, 11308, 11309, 11335, 12311, 12315);
    
     script_name(english:"RealPlayer Multiple Remote Vulnerabilities (2004-09-28)");
    
     script_set_attribute(attribute:"synopsis", value:
    "The remote Windows application is affected by multiple remote
    vulnerabilities." );
     script_set_attribute(attribute:"description", value:
    "According to its build number, the installed version of RealPlayer /
    RealOne Player for Windows may allow an attacker to execute arbitrary
    code and delete arbitrary files on the remote host." );
     # NOTE(review): the solution text points to a vendor advisory "referenced
     # above", but the only reference registered here is a SecurityTracker entry.
     script_set_attribute(attribute:"see_also", value:"https://securitytracker.com/id?1011449" );
     script_set_attribute(attribute:"solution", value:
    "Upgrade according to the vendor advisory referenced above." );
     # The CVSS vectors and exploit attributes below are set once for the whole
     # plugin, so they need not match the per-CVE score of CVE-2005-0189.
     script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
     script_set_attribute(attribute:"plugin_publication_date", value: "2004/10/01");
     script_set_attribute(attribute:"vuln_publication_date", value: "2004/09/28");
     script_cvs_date("Date: 2018/11/15 20:50:28");
    script_set_attribute(attribute:"plugin_type", value:"local");
    script_set_attribute(attribute:"cpe", value:"cpe:/a:realnetworks:realplayer");
    script_end_attributes();
    
     script_summary(english:"Checks RealPlayer build number");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
     script_family(english:"Windows");
     # The verdict is derived only from the product name and build number that
     # realplayer_detect.nasl stored in the knowledge base.
     script_dependencies("realplayer_detect.nasl");
     script_require_keys("SMB/RealPlayer/Product", "SMB/RealPlayer/Build");
     exit(0);
    }
    
    
    include("global_settings.inc");
    
    
    # nb: RealOne Player and RealPlayer Enterprise are affected as well, but
    #     the build numbers that fix them are not known, so only a product
    #     reported as "RealPlayer" is evaluated.
    prod = get_kb_item("SMB/RealPlayer/Product");
    if (!prod || prod != "RealPlayer") exit(0);

    # Nothing to compare when no build number was recorded.
    build = get_kb_item("SMB/RealPlayer/Build");
    if (!build) exit(0);

    # Compare the dotted build against 6.0.12.1053. Every lower build is
    # reported: majors below 6, 6.0.x releases below 12, and 6.0.12 builds
    # (RealPlayer 10.5) below 1053.
    # NOTE(review): a part missing from the build string is presumably read
    # as 0 by int() and would count as below the cutoff; confirm the format
    # that realplayer_detect.nasl writes.
    ver = split(build, sep:'.', keep:FALSE);
    major = int(ver[0]);
    minor = int(ver[1]);
    rel = int(ver[2]);
    bld = int(ver[3]);

    vulnerable = FALSE;
    if (major < 6) vulnerable = TRUE;
    else if (major == 6 && minor == 0)
    {
      if (rel < 12) vulnerable = TRUE;
      else if (rel == 12 && bld < 1053) vulnerable = TRUE;
    }
    if (!vulnerable) exit(0);

    # The finding is attached to the SMB transport port recorded in the KB;
    # the product and build are included only when verbosity is non-zero.
    port = get_kb_item("SMB/transport");
    if (report_verbosity)
    {
      report = string(
        "\n",
        prod, " build ", build, " is installed on the remote host.\n"
      );
      security_hole(port:port, extra:report);
    }
    else security_hole(port);