Vulnerabilities > CVE-2006-1370 - Products Multiple Buffer Overflow vulnerability in RealNetworks

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

realnetworks

critical

nessus

NVD

Published: 2006-03-23

Updated: 2017-07-20

Summary

Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, RealPlayer 8, and RealPlayer Enterprise before 20060322 allows remote attackers to have an unknown impact via a malicious Mimio boardCast (mbc) file. This vulnerability affects all versions of RealNetworks, RealPlayer from 10.5 v6.0.12.1040 through 10.5 v6.0.12.1348.

Vulnerable Configurations

Part	Description	Count
Application	Realnetworks Realnetworks Realone Player 1.0 Realnetworks Realone Player 2.0 Realnetworks Realplayer * Realnetworks Realplayer 8.0 Realnetworks Realplayer 10.0 Realnetworks Realplayer 10.5_6.0.12.1040 Realnetworks Realplayer 10.5_6.0.12.1053 Realnetworks Realplayer 10.5_6.0.12.1056 Realnetworks Realplayer 10.5_6.0.12.1059 Realnetworks Realplayer 10.5_6.0.12.1069 Realnetworks Realplayer 10.5_6.0.12.1235 Realnetworks Realplayer 10.5_6.0.12.1348	12

Nessus

NASL family	Windows
NASL id	REALPLAYER_6_0_12_1483.NASL
description	According to its build number, the installed version of RealPlayer / RealOne Player / RealPlayer Enterprise on the remote Windows host suffers from one or more buffer overflows involving maliciously- crafted SWF and MBC files as well as web pages. In addition, it also may be affected by a local privilege escalation issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	21140
published	2006-03-24
reporter	This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/21140
title	RealPlayer for Windows < Build 6.0.12.1483 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(21140); script_version("1.19"); script_cve_id("CVE-2005-2922", "CVE-2005-2936", "CVE-2006-0323", "CVE-2006-1370"); script_bugtraq_id(15448, 17202); script_name(english:"RealPlayer for Windows < Build 6.0.12.1483 Multiple Vulnerabilities"); script_summary(english:"Checks RealPlayer build number"); script_set_attribute(attribute:"synopsis", value: "The remote Windows application is affected by several issues." ); script_set_attribute(attribute:"description", value: "According to its build number, the installed version of RealPlayer / RealOne Player / RealPlayer Enterprise on the remote Windows host suffers from one or more buffer overflows involving maliciously- crafted SWF and MBC files as well as web pages. In addition, it also may be affected by a local privilege escalation issue." ); script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1d16d359" ); script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c0b66183" ); script_set_attribute(attribute:"see_also", value:"http://service.real.com/realplayer/security/03162006_player/en/" ); script_set_attribute(attribute:"solution", value: "Upgrade according to the vendor advisory referenced above." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(119); script_set_attribute(attribute:"plugin_publication_date", value: "2006/03/24"); script_set_attribute(attribute:"vuln_publication_date", value: "2005/11/15"); script_cvs_date("Date: 2018/07/25 18:58:06"); script_set_attribute(attribute:"patch_publication_date", value: "2006/03/16"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:realnetworks:realplayer"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc."); script_dependencies("realplayer_detect.nasl"); script_require_keys("SMB/RealPlayer/Product", "SMB/RealPlayer/Build"); exit(0); } include("global_settings.inc"); # nb: RealOne Player and RealPlayer Enterprise are also affected, # but we don't currently know which specific build numbers # address the issues. prod = get_kb_item("SMB/RealPlayer/Product"); if (!prod \|\| prod != "RealPlayer") exit(0); # Check build. build = get_kb_item("SMB/RealPlayer/Build"); if (!build) exit(0); # There's a problem if the build is before 6.0.12.1483. ver = split(build, sep:'.', keep:FALSE); if ( int(ver[0]) < 6 \|\| ( int(ver[0]) == 6 && int(ver[1]) == 0 && ( int(ver[2]) < 12 \|\| (int(ver[2]) == 12 && int(ver[3]) < 1483) ) ) ) { if (report_verbosity) { report = string( "\n", prod, " build ", build, " is installed on the remote host.\n" ); security_hole(port:get_kb_item("SMB/transport"), extra:report); } else security_hole(get_kb_item("SMB/transport")); }

Saint

bid	17202
description	RealPlayer invalid chunk header heap overflow
id	misc_realplayer
osvdb	24062
title	realplayer_chunk_header
type	client

Summary

Vulnerable Configurations

Nessus

Saint

References