CVE-2005-1766 - Unspecified vulnerability in Realnetworks Realplayer
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Summary
Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 6.0.12.1056 on Windows, and 10, 10.0.1.436, and other versions before 10.0.5 on Linux, allows remote attackers to execute arbitrary code via a RealMedia file with a long RealText string, such as an SMIL file.
Vulnerable Configurations
Nessus
NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-200507-04.NASL
description: The remote host is affected by the vulnerability described in GLSA-200507-04 (RealPlayer: Heap overflow vulnerability) RealPlayer is vulnerable to a heap overflow when opening RealMedia files which make use of RealText. Impact : By enticing a user to play a specially crafted RealMedia file an attacker could execute arbitrary code with the permissions of the user running the application. Workaround : There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 18633
published: 2005-07-06
reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/18633
title: GLSA-200507-04 : RealPlayer: Heap overflow vulnerability
code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200507-04.
#
# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(18633);
  script_version("1.17");
  script_cvs_date("Date: 2019/08/02 13:32:42");

  script_cve_id("CVE-2005-1766");
  script_xref(name:"GLSA", value:"200507-04");

  script_name(english:"GLSA-200507-04 : RealPlayer: Heap overflow vulnerability");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-200507-04 (RealPlayer: Heap overflow vulnerability) RealPlayer is vulnerable to a heap overflow when opening RealMedia files which make use of RealText.
Impact : By enticing a user to play a specially crafted RealMedia file an attacker could execute arbitrary code with the permissions of the user running the application. Workaround : There is no known workaround at this time."
  );
  # http://service.real.com/help/faq/security/050623_player/EN/
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.real.com/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200507-04"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All RealPlayer users should upgrade to the latest available version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=media-video/realplayer-10.0.5'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:realplayer");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/07/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/06");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"media-video/realplayer", unaffected:make_list("ge 10.0.5"), vulnerable:make_list("lt 10.0.5"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "RealPlayer");
}
```

NASL family: Windows
NASL id: REALPLAYER_REALTEXT_PARSING_OVERFLOW.NASL
description: According to its build number, the installed version of RealPlayer / RealOne Player for Windows has several vulnerabilities :
- A malicious MP3 file can be used to overwrite an arbitrary file or execute an ActiveX control.
- Using a specially crafted RealMedia file, an attacker may be able to cause a heap overflow and run arbitrary code within the context of the affected application.
- Using a specially crafted AVI file, an attacker may be able to cause a buffer overflow and run arbitrary code within the context of the affected application.
- A malicious website may be able to cause a local HTML file to be created that triggers an RM file to play which would then reference the local HTML file.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 18558
published: 2005-06-24
reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/18558
title: RealPlayer / RealOne Player for Windows Multiple Vulnerabilities (2005-06-23)
code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(18558);
  script_version("1.25");
  script_cvs_date("Date: 2018/11/15 20:50:28");

  script_cve_id("CVE-2005-1766", "CVE-2005-2052");
  script_bugtraq_id(13530, 14048, 14073);

  script_name(english:"RealPlayer / RealOne Player for Windows Multiple Vulnerabilities (2005-06-23)");
  script_summary(english:"Checks RealPlayer build number");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows application is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its build number, the installed version of RealPlayer / RealOne Player for Windows has several vulnerabilities :
- A malicious MP3 file can be used to overwrite an arbitrary file or execute an ActiveX control.
- Using a specially crafted RealMedia file, an attacker may be able to cause a heap overflow and run arbitrary code within the context of the affected application.
- Using a specially crafted AVI file, an attacker may be able to cause a buffer overflow and run arbitrary code within the context of the affected application.
- A malicious website may be able to cause a local HTML file to be created that triggers an RM file to play which would then reference the local HTML file.");
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dc045348");
  script_set_attribute(attribute:"see_also", value:"https://www.beyondtrust.com/resources/blog/research/");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/403535/30/0/threaded");
  script_set_attribute(attribute:"see_also", value:"http://service.real.com/help/faq/security/050623_player/EN/");
  script_set_attribute(attribute:"solution", value:
"Upgrade according to the vendor advisory referenced above.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_publication_date", value:"2005/06/24");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/06/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/06/23");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:realnetworks:realplayer");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");
  script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");

  script_dependencies("realplayer_detect.nasl");
  script_require_keys("SMB/RealPlayer/Product", "SMB/RealPlayer/Build");

  exit(0);
}

include("global_settings.inc");

# nb: RealOne Player and RealPlayer Enterprise are also affected,
#     but we don't currently know which specific build numbers
#     address the issues.
prod = get_kb_item("SMB/RealPlayer/Product");
if (!prod || prod != "RealPlayer") exit(0);

# Check build.
build = get_kb_item("SMB/RealPlayer/Build");
if (build)
{
  # There's a problem if the build is:
  #  - [6.0.12.1040, 6.0.12.1212), RealPlayer
  ver = split(build, sep:'.', keep:FALSE);
  if (
    int(ver[0]) < 6 ||
    (
      int(ver[0]) == 6 &&
      int(ver[1]) == 0 &&
      (
        int(ver[2]) < 12 ||
        (int(ver[2]) == 12 && int(ver[3]) >= 1040 && int(ver[3]) < 1212)
      )
    )
  )
  {
    if (report_verbosity)
    {
      report = string(
        "\n",
        prod, " build ", build, " is installed on the remote host.\n"
      );
      security_hole(port:get_kb_item("SMB/transport"), extra:report);
    }
    else security_hole(get_kb_item("SMB/transport"));
  }
}
```

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-826.NASL
description: Multiple security vulnerabilities have been identified in the helix-player media player that could allow an attacker to execute code on the victim
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 19795
published: 2005-10-05
reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/19795
title: Debian DSA-826-1 : helix-player - multiple vulnerabilities
code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-826. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(19795);
  script_version("1.21");
  script_cvs_date("Date: 2019/08/02 13:32:19");

  script_cve_id("CVE-2005-1766", "CVE-2005-2710");
  script_xref(name:"DSA", value:"826");

  script_name(english:"Debian DSA-826-1 : helix-player - multiple vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Multiple security vulnerabilities have been identified in the helix-player media player that could allow an attacker to execute code on the victim's machine via specially crafted network resources.
- CAN-2005-1766 Buffer overflow in the RealText parser could allow remote code execution via a specially crafted RealMedia file with a long RealText string.
- CAN-2005-2710 Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the image handle attribute in a RealPix (.rp) or RealText (.rt) file."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316276"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330364"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2005/dsa-826"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade the helix-player package. For the stable distribution (sarge), these problems have been fixed in version 1.0.4-1sarge1
helix-player was distributed only on the i386 and powerpc architectures"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:helix-player");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/09/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/05");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/06/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"3.1", prefix:"helix-player", reference:"1.0.4-1sarge1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_PKG_95EE96F2E48811D9BF22080020C11455.NASL
description: An iDEFENSE Security Advisory reports : Remote exploitation of a heap-based buffer overflow vulnerability in the RealText file format parser within various versions of RealNetworks Inc.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 19036
published: 2005-07-13
reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/19036
title: FreeBSD : linux-realplayer -- RealText parsing heap overflow (95ee96f2-e488-11d9-bf22-080020c11455)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2005-523.NASL
description: An updated RealPlayer package that fixes a buffer overflow issue is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. [Updated 05 Jul 2005] The previous package for Red Hat Enterprise Linux 4 did not contain the proper fix for this issue. This erratum has been updated with a replacement package that corrects this issue RealPlayer is a media player that provides media playback locally and via streaming. It plays RealAudio, RealVideo, MP3, 3GPP Video, Flash, SMIL 2.0, JPEG, GIF, PNG, RealPix, RealText, and more. A buffer overflow bug was found in the way RealPlayer processes SMIL files. An attacker could create a specially crafted SMIL file that could combine with a malicious Web server to execute arbitrary code when the file was opened by a user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1766 to this issue. All users of RealPlayer are advised to upgrade to this updated package, which contains RealPlayer version 10.0.5 and is not vulnerable to this issue.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 18556
published: 2005-06-24
reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/18556
title: RHEL 3 / 4 : RealPlayer (RHSA-2005:523)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2005-517.NASL
description: An updated HelixPlayer package that fixes a buffer overflow issue is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. HelixPlayer is a media player. A buffer overflow bug was found in the way HelixPlayer processes SMIL files. An attacker could create a specially crafted SMIL file, which when combined with a malicious web server, could execute arbitrary code when opened by a user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1766 to this issue. All users of HelixPlayer are advised to upgrade to this updated package, which contains HelixPlayer version 10.0.5 and is not vulnerable to this issue.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 18555
published: 2005-06-24
reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/18555
title: RHEL 4 : HelixPlayer (RHSA-2005:517)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SA_2005_037.NASL
description: The remote host is missing the patch for the advisory SUSE-SA:2005:037 (RealPlayer). Various security problems were found in RealPlayer that allow a remote attacker to execute code in the local player by providing handcrafted files. See http://service.real.com/help/faq/security/050623_player/EN/ too. The following security bugs are listed: - To fashion a malicious MP3 file to allow the overwriting of a local file or execution of an ActiveX control on a customer
last seen: 2019-10-28
modified: 2005-07-20
plugin id: 19246
published: 2005-07-20
reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/19246
title: SUSE-SA:2005:037: RealPlayer

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2005-517.NASL
description: An updated HelixPlayer package that fixes a buffer overflow issue is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. HelixPlayer is a media player. A buffer overflow bug was found in the way HelixPlayer processes SMIL files. An attacker could create a specially crafted SMIL file, which when combined with a malicious web server, could execute arbitrary code when opened by a user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1766 to this issue. All users of HelixPlayer are advised to upgrade to this updated package, which contains HelixPlayer version 10.0.5 and is not vulnerable to this issue.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 21944
published: 2006-07-05
reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/21944
title: CentOS 4 : HelixPlayer (CESA-2005:517)
Oval
accepted: 2013-04-29T04:19:52.916-04:00
class: vulnerability
description: Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 6.0.12.1056 on Windows, and 10, 10.0.1.436, and other versions before 10.0.5 on Linux, allows remote attackers to execute arbitrary code via a RealMedia file with a long RealText string, such as an SMIL file.
family: unix
id: oval:org.mitre.oval:def:9509
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 6.0.12.1056 on Windows, and 10, 10.0.1.436, and other versions before 10.0.5 on Linux, allows remote attackers to execute arbitrary code via a RealMedia file with a long RealText string, such as an SMIL file.
version: 25
References
- http://secunia.com/advisories/16981
- http://service.real.com/help/faq/security/050623_player/EN/
- http://www.debian.org/security/2005/dsa-826
- http://www.idefense.com/application/poi/display?id=250&type=vulnerabilities&flashstatus=true
- http://www.novell.com/linux/security/advisories/2005_37_real_player.html
- http://www.redhat.com/support/errata/RHSA-2005-517.html
- http://www.redhat.com/support/errata/RHSA-2005-523.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9509