Vulnerabilities > CVE-2005-0455
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed function in smlparse.cpp for RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1 allows remote attackers to execute arbitrary code via a .SMIL file with a large system-screen-size value.
Vulnerable Configurations
Exploit-Db
description RealNetworks RealPlayer SMIL Buffer Overflow. CVE-2005-0455. Remote exploit for windows platform id EDB-ID:16586 last seen 2016-02-02 modified 2010-05-09 published 2010-05-09 reporter metasploit source https://www.exploit-db.com/download/16586/ title RealNetworks RealPlayer SMIL Buffer Overflow description RealPlayer 10 ".smil" File Local Buffer Overflow Exploit. CVE-2005-0455. Local exploit for windows platform id EDB-ID:863 last seen 2016-01-31 modified 2005-03-07 published 2005-03-07 reporter nolimit source https://www.exploit-db.com/download/863/ title RealPlayer 10 - .smil File Local Buffer Overflow Exploit
Metasploit
| description | This module exploits a stack buffer overflow in RealNetworks RealPlayer 10 and 8. By creating a URL link to a malicious SMIL file, a remote attacker could overflow a buffer and execute arbitrary code. When using this module, be sure to set the URIPATH with an extension of '.smil'. This module has been tested with RealPlayer 10 build 6.0.12.883 and RealPlayer 8 build 6.0.9.584. |
| id | MSF:EXPLOIT/WINDOWS/BROWSER/REALPLAYER_SMIL |
| last seen | 2020-01-16 |
| modified | 2017-07-24 |
| published | 2007-02-03 |
| references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0455 |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/realplayer_smil.rb |
| title | RealNetworks RealPlayer SMIL Buffer Overflow |
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-271.NASL description An updated HelixPlayer package that fixes two buffer overflow issues is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. HelixPlayer is a media player. A stack based buffer overflow bug was found in HelixPlayer last seen 2020-06-01 modified 2020-06-02 plugin id 17269 published 2005-03-04 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17269 title RHEL 4 : HelixPlayer (RHSA-2005:271) NASL family SuSE Local Security Checks NASL id SUSE_SA_2005_014.NASL description The remote host is missing the patch for the advisory SUSE-SA:2005:014 (RealPlayer). Two security problems were found in the media player RealPlayer: - CVE-2005-0455: A buffer overflow in the handling of .smil files. - CVE-2005-0611: A buffer overflow in the handling of .wav files. Both buffer overflows can be exploited remotely by providing URLs opened by RealPlayer. More informations can be found on this URL: http://service.real.com/help/faq/security/050224_player/EN/ This updates fixes the problems. last seen 2020-06-01 modified 2020-06-02 plugin id 17300 published 2005-03-09 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17300 title SUSE-SA:2005:014: RealPlayer NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-265.NASL description An updated RealPlayer package that fixes two buffer overflow issues is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. RealPlayer is a media player. A stack based buffer overflow bug was found in RealPlayer last seen 2020-06-01 modified 2020-06-02 plugin id 17268 published 2005-03-04 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17268 title RHEL 4 : RealPlayer (RHSA-2005:265) NASL family Fedora Local Security Checks NASL id FEDORA_2005-188.NASL description Updated HelixPlayer packages that fixes two buffer overflow issues are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. A stack based buffer overflow bug was found in HelixPlayer last seen 2020-06-01 modified 2020-06-02 plugin id 19623 published 2005-09-12 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19623 title Fedora Core 3 : HelixPlayer-1.0.3-3.fc3 (2005-188) NASL family Windows NASL id REALPLAYER_MULTIPLE_VULNS.NASL description According to its build number, the installed version of RealPlayer / RealOne Player / RealPlayer Enterprise for Windows might allow an attacker to execute arbitrary code and delete arbitrary files on the remote host. To exploit these flaws, an attacker would send a malformed SMIL or WAV file to a user on the remote host and wait for him to open it. last seen 2020-06-01 modified 2020-06-02 plugin id 17254 published 2005-03-02 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17254 title RealPlayer Multiple Remote Overflows (2005-03-01) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-299.NASL description Updated realplayer packages that fix a number of security issues are now available for Red Hat Enterprise Linux 3 Extras. This update has been rated as having important security impact by the Red Hat Security Response Team. The realplayer package contains RealPlayer, a media format player. A number of security issues have been discovered in RealPlayer 8 of which a subset are believed to affect the Linux version as shipped with Red Hat Enterprise Linux 3 Extras. RealPlayer 8 is no longer supported by RealNetworks. Users of RealPlayer are advised to upgrade to this erratum package which contains RealPlayer 10. last seen 2020-06-01 modified 2020-06-02 plugin id 17590 published 2005-03-21 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17590 title RHEL 3 : realplayer (RHSA-2005:299)
Oval
| accepted | 2013-04-29T04:10:00.886-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed function in smlparse.cpp for RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1 allows remote attackers to execute arbitrary code via a .SMIL file with a large system-screen-size value. | ||||||||||||
| family | unix | ||||||||||||
| id | oval:org.mitre.oval:def:10926 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||
| title | Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed function in smlparse.cpp for RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1 allows remote attackers to execute arbitrary code via a .SMIL file with a large system-screen-size value. | ||||||||||||
| version | 25 |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/83059/realplayer_smil.rb.txt |
| id | PACKETSTORM:83059 |
| last seen | 2016-12-05 |
| published | 2009-11-26 |
| reporter | MC |
| source | https://packetstormsecurity.com/files/83059/RealNetworks-RealPlayer-SMIL-Buffer-Overflow.html |
| title | RealNetworks RealPlayer SMIL Buffer Overflow |
Redhat
| advisories |
| ||||||||
| rpms |
|
References
- http://service.real.com/help/faq/security/050224_player
- http://www.idefense.com/application/poi/display?id=209&type=vulnerabilities
- http://www.redhat.com/support/errata/RHSA-2005-265.html
- http://www.redhat.com/support/errata/RHSA-2005-271.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10926