CVE-2006-0330

Current Description

Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.

Basic Data

Published: March 23, 2006
Last Modified: October 19, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-119
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 9.3
Severity: HIGH
Exploitability Score: 8.6
Impact Score: 10.0
Obtain All Privilege: true
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
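    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Realnetworks | Helix Player | * | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Realnetworks | Realone Player | * | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Realnetworks | Realplayer | 10.0 | gold | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Realnetworks | Realplayer | 10.0.6 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Realnetworks | Realplayer | 10.5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Realnetworks | Rhapsody | 3 | * | * | * | * | * | * | * | | | | |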

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Realnetworks | Helix Player | * |
| Realnetworks | Rhapsody | 3 |
| Realnetworks | Realplayer | 10.0, 10.0.6, 10.5 |
| Realnetworks | Realone Player | * |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| 19358 | SECUNIA | http://secunia.com/advisories/19358 | Vendor Advisory |
| 19362 | SECUNIA | http://secunia.com/advisories/19362 | Patch, Vendor Advisory |
| 19365 | SECUNIA | http://secunia.com/advisories/19365 | Patch, Vendor Advisory |
| 19390 | SECUNIA | http://secunia.com/advisories/19390 | Vendor Advisory |
| 690 | SREASON | http://securityreason.com/securityalert/690 | |
| 1015806 | SECTRACK | http://securitytracker.com/id?1015806 | |
| GLSA-200603-24 | GENTOO | http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml | Patch, Vendor Advisory |
| VU#231028 | CERT-VN | http://www.kb.cert.org/vuls/id/231028 | Patch, Third Party Advisory, US Government Resource |
| SUSE-SA:2006:018 | SUSE | http://www.novell.com/linux/security/advisories/2006_18_realplayer.html | Patch, Vendor Advisory |
| RHSA-2006:0257 | REDHAT | http://www.redhat.com/support/errata/RHSA-2006-0257.html | Patch, Vendor Advisory |
| 20060411 Realplayer .SWF Multiple Remote Memory Corruption Vulnerabilities | BUGTRAQ | http://www.securityfocus.com/archive/1/430621/100/0/threaded | |
| 17202 | BID | http://www.securityfocus.com/bid/17202 | Exploit |
| http://www.service.real.com/realplayer/security/03162006_player/en/ | CONFIRM | http://www.service.real.com/realplayer/security/03162006_player/en/ | Patch |
| ADV-2006-1057 | VUPEN | http://www.vupen.com/english/advisories/2006/1057 | |
| realnetworks-swf-bo(25408) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/25408 | |