CVE-2007-3410
Published 2007-06-26
CVE-2007-3410: Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5…
Priority P358 · critical · 9.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 36.07% (98.3th percentile)
Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| realnetworks | helix_player | — | — |
| realnetworks | helix_player | — | — |
| realnetworks | helix_player | — | — |
| realnetworks | helix_player | — | — |
| realnetworks | helix_player | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
CVSS provenance
nvd · v2.0 · 9.3 CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat · 9.3 CRITICAL
GHSA
GHSA-7hxv-5pvm-4mww: Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime
ghsa_unreviewed·2022-05-01
CVE-2007-3410 [HIGH] CWE-119 GHSA-7hxv-5pvm-4mww: Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime
Red Hat
RealPlayer/HelixPlayer buffer overflow
vendor_redhat·2007-06-26·CVSS 9.3
CVE-2007-3410 [CRITICAL] RealPlayer/HelixPlayer buffer overflow
Suricata
ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2007-1296 [HIGH] ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid DELETE"; flow:established,to_server; http.uri; content:"/postingdetails.php?"; nocase; content:"postingid="; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-1296; reference:url,www.milw0rm.com/exploits/3410; classtype:web-application-attack; sid:2004544; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_ta
Suricata
ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2007-1296 [HIGH] ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid UPDATE"; flow:established,to_server; http.uri; content:"/postingdetails.php?"; nocase; content:"postingid="; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2007-1296; reference:url,www.milw0rm.com/exploits/3410; classtype:web-application-attack; sid:2004546; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_14, mitre_tactic_id TA0001, mitre_tact
Suricata
ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2007-1296 [HIGH] ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid ASCII"; flow:established,to_server; http.uri; content:"/postingdetails.php?"; nocase; content:"postingid="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-1296; reference:url,www.milw0rm.com/exploits/3410; classtype:web-application-attack; sid:2004545; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_ta
Suricata
ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-1296 [HIGH] ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid UNION SELECT"; flow:established,to_server; http.uri; content:"/postingdetails.php?"; nocase; content:"postingid="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-1296; reference:url,www.milw0rm.com/exploits/3410; classtype:web-application-attack; sid:2004542; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0
Suricata
ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2007-1296 [HIGH] ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid INSERT"; flow:established,to_server; http.uri; content:"/postingdetails.php?"; nocase; content:"postingid="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2007-1296; reference:url,www.milw0rm.com/exploits/3410; classtype:web-application-attack; sid:2004543; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_ta
Suricata
ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-1296 [HIGH] ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid SELECT"; flow:established,to_server; http.uri; content:"/postingdetails.php?"; nocase; content:"postingid="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:1; reference:cve,CVE-2007-1296; reference:url,www.milw0rm.com/exploits/3410; classtype:web-application-attack; sid:2004541; rev:11; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_13, mitre_tactic_id TA0001, mitre_ta
Bugzilla
CVE-2007-3410 RealPlayer/HelixPlayer buffer overflow [F7]
bugzilla·2007-06-26·CVSS 9.3
CVE-2007-3410 [CRITICAL] CVE-2007-3410 RealPlayer/HelixPlayer buffer overflow [F7]
F7 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
Please see bug 245836 for a patch for this issue.
---
Ping. This is a very serious security flaw and should be patched ASAP.
---
Patched and built for devel, F-7 and FC-6. Updates pending.
Thanks for the report.
---
HelixPlayer-1.0.7-6.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
Bugzilla
CVE-2007-3410 RealPlayer/HelixPlayer buffer overflow [Fdevel]
bugzilla·2007-06-26·CVSS 9.3
CVE-2007-3410 [CRITICAL] CVE-2007-3410 RealPlayer/HelixPlayer buffer overflow [Fdevel]
Fdevel tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
Fixed in devel since 2007-06-28, sorry for not updating this bug.
Bugzilla
CVE-2007-3410 RealPlayer/HelixPlayer buffer overflow [FC5]
bugzilla·2007-06-26·CVSS 9.3
CVE-2007-3410 [CRITICAL] CVE-2007-3410 RealPlayer/HelixPlayer buffer overflow [FC5]
FC5 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
Fedora Core 5 is no longer maintained.
If this bug is still present in the current Fedora release, please reopen this
bug and assign it to the corresponding Fedora version.
Bugzilla
CVE-2007-3410 RealPlayer/HelixPlayer buffer overflow
bugzilla·2007-06-26·CVSS 9.3
CVE-2007-3410 [CRITICAL] CVE-2007-3410 RealPlayer/HelixPlayer buffer overflow
A buffer overflow flaw was discovered in the way RealPlayer and HelixPlayer
handle the wallclock variable in Synchronized Multimedia Integration Language
(SMIL) files.
More information regarding this flaw can be found here:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547
Discussion:
Note the latest realplayer for Linux from real.com, version 10.0.8.805
segfaults using the reproducer.
---
Created attachment 158016
Patch created by Chris Aillon
---
still no update from Real, 10.0.8.805 is latest available
---
still no update from Real, 10.0.8.805 is latest available on their site
---
The Real security page hasn't been updated with the new build, but if you visit
www.real.com and download the Linux versi
References
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547
http://osvdb.org/37374
http://osvdb.org/38342
http://secunia.com/advisories/25819
http://secunia.com/advisories/25859
http://secunia.com/advisories/26463
http://secunia.com/advisories/26828
http://secunia.com/advisories/27361
http://security.gentoo.org/glsa/glsa-200709-05.xml
http://securitytracker.com/id?1018297
http://securitytracker.com/id?1018299
http://service.real.com/realplayer/security/10252007_player/en/
http://www.attrition.org/pipermail/vim/2007-October/001841.html
http://www.kb.cert.org/vuls/id/770904
http://www.redhat.com/support/errata/RHSA-2007-0605.html
http://www.redhat.com/support/errata/RHSA-2007-0841.html
http://www.securityfocus.com/bid/24658
http://www.vupen.com/english/advisories/2007/2339
http://www.vupen.com/english/advisories/2007/3628
https://exchange.xforce.ibmcloud.com/vulnerabilities/35088
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10554