CVE-2007-4599
published 2007-10-31CVE-2007-4599: Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10.5, and RealOne Player 1 and 2, for Windows allows remote attackers to execute…
PriorityP344critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
8.40%
94.3th percentile
Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10.5, and RealOne Player 1 and 2, for Windows allows remote attackers to execute arbitrary code via a crafted playlist (PLS) file.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| realnetworks | realone_player | — | — |
| realnetworks | realone_player | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat9.3CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
CVE-2007-4599: Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10
vendor_redhat·CVSS 9.3
CVE-2007-4599 [CRITICAL] CVE-2007-4599: Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10
Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10.5, and RealOne Player 1 and 2, for Windows allows remote attackers to execute arbitrary code via a crafted playlist (PLS) file.
Statement: Not vulnerable. This issue did not affect the versions of RealPlayer as shipped with Red Hat Enterprise Linux 3 Extras, 4 Extras, or 5 Supplementary.
GHSA
GHSA-5jxw-cpwp-467q: Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10
ghsa_unreviewed·2022-05-01
CVE-2007-4599 [HIGH] CWE-119 GHSA-5jxw-cpwp-467q: Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10
Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10.5, and RealOne Player 1 and 2, for Windows allows remote attackers to execute arbitrary code via a crafted playlist (PLS) file.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://osvdb.org/38341http://secunia.com/advisories/27361http://securitytracker.com/id?1018866http://service.real.com/realplayer/security/10252007_player/en/http://www.attrition.org/pipermail/vim/2007-October/001841.htmlhttp://www.securityfocus.com/archive/1/483112/100/0/threadedhttp://www.securityfocus.com/bid/26214http://www.vupen.com/english/advisories/2007/3628http://www.zerodayinitiative.com/advisories/ZDI-07-062.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/37438http://osvdb.org/38341http://secunia.com/advisories/27361http://securitytracker.com/id?1018866http://service.real.com/realplayer/security/10252007_player/en/http://www.attrition.org/pipermail/vim/2007-October/001841.htmlhttp://www.securityfocus.com/archive/1/483112/100/0/threadedhttp://www.securityfocus.com/bid/26214http://www.vupen.com/english/advisories/2007/3628http://www.zerodayinitiative.com/advisories/ZDI-07-062.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/37438
2007-10-31
Published