Published: 2005-11-18 18:03:00
Last modified: 2016-10-17 23:36:44

[Original] Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote attackers to execute arbitrary code via a crafted image in a RealPlayer Skin (RJS) file. NOTE: due to the lack of details, it is unclear how this is different than CVE-2005-2629 and CVE-2005-2630, but the vendor advisory implies that it is different.

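[CNNVD] RealNetworks RealPlayer Unspecified Malformed Image Skin File Buffer Overflow Vulnerability (CNNVD-200511-245)

        RealNetworks RealPlayer is a very popular media player, available for multiple operating systems, including Microsoft Windows, Linux and Mac OS.
        A buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote attackers to execute arbitrary code via a crafted image in a RealPlayer skin (RJS) file.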

- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/a:realnetworks:realplayer:10.0  RealNetworks RealPlayer 10.0

- OVAL (Technical Details for Detection)


- Official Database Links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other Links and Resources
(UNKNOWN)  BUGTRAQ  20051111 High Risk Flaw in RealPlayer
(UNKNOWN)  BID  15398

- Vulnerability Information

RealNetworks RealPlayer Unspecified Malformed Image Skin File Buffer Overflow Vulnerability
High risk  Buffer overflow
2005-11-18 00:00:00 2006-01-04 00:00:00

- Advisories and Patches


- Vulnerability Information

RealNetworks RealPlayer Unspecified Malformed Image Skin File Buffer Overflow Vulnerability
Boundary Condition Error 15398
Yes No
2005-11-12 12:00:00 2005-11-12 12:00:00
Discovery is credited to John Heasman of NGSSoftware.

- Affected Software Versions

Real Networks RealPlayer 10.5 v6.0.12.1235
Real Networks RealPlayer 10.5 v6.0.12.1069
Real Networks RealPlayer 10.5 v6.0.12.1059
Real Networks RealPlayer 10.5 v6.0.12.1056
Real Networks RealPlayer 10.5 v6.0.12.1053
Real Networks RealPlayer 10.5 v6.0.12.1040
Real Networks RealPlayer 10.0
+ S.u.S.E. cvsup-16.1h-43.i586.rpm
+ S.u.S.E. Linux Personal 9.3
+ S.u.S.E. Linux Personal 9.2

- Vulnerability Discussion

RealNetworks RealPlayer is prone to an unspecified vulnerability that may let remote attackers execute arbitrary code.

This issue may be triggered by a malformed image in a skin file. The cause of the issue is reportedly a stack-based buffer overflow. It is possible to exploit this issue by enticing a victim user to open a malicious skin file containing a malformed image.

This affects some RealPlayer 10/10.5 releases on Windows platforms.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: <>.

- Solution

The vendor has released fixes to address this issue. The patches are available through the 'Check for Update' functionality of the software under the 'Tools' menu. Fixes are available from the following location as well:

- References