Vulnerabilities > CVE-2007-4904 - Numeric Errors vulnerability in Realnetworks Helix Player and Realplayer
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player 1.0.6.778 on Fedora Core 6 (FC6) and possibly other platforms, allow user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | RealPlayer 11 Malformed AU File Denial of Service Exploit. CVE-2007-4904,CVE-2007-6235. Dos exploit for windows platform |
| file | exploits/windows/dos/4683.py |
| id | EDB-ID:4683 |
| last seen | 2016-01-31 |
| modified | 2007-12-01 |
| platform | windows |
| port | |
| published | 2007-12-01 |
| reporter | NtWaK0 |
| source | https://www.exploit-db.com/download/4683/ |
| title | RealPlayer 11 Malformed AU File Denial of Service Exploit |
| type | dos |
Statements
| contributor | Mark J Cox |
| lastmodified | 2007-09-18 |
| organization | Red Hat |
| statement | We do not consider a crash of a client application such as RealPlayer or Helix Player to be a security issue. |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2007-09/0154.html
- http://archives.neohapsis.com/archives/fulldisclosure/2007-09/0154.html
- http://osvdb.org/39904
- http://osvdb.org/39904
- http://www.securityfocus.com/archive/1/479081/100/0/threaded
- http://www.securityfocus.com/archive/1/479081/100/0/threaded
- http://www.securityfocus.com/bid/25627
- http://www.securityfocus.com/bid/25627
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36545
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36545