CVE-2007-4904
published 2007-09-17CVE-2007-4904: RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player 1.0.6.778 on Fedora Core 6 (FC6) and possibly other platforms, allow user-assisted remote…
PriorityP410medium4.3CVSS 2.0
AVNACMAuNCNINAP
EXPLOIT
EPSS
2.79%
84.6th percentile
RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player 1.0.6.778 on Fedora Core 6 (FC6) and possibly other platforms, allow user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| realnetworks | helix_player | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
vendor_redhat4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-c7p8-5wh3-55vc: RealNetworks RealPlayer 10
ghsa_unreviewed·2022-05-01
CVE-2007-4904 [MEDIUM] GHSA-c7p8-5wh3-55vc: RealNetworks RealPlayer 10
RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player 1.0.6.778 on Fedora Core 6 (FC6) and possibly other platforms, allow user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error.
GHSA
GHSA-5mc3-fgcf-rc9v: A certain ActiveX control in RealNetworks RealPlayer 11 allows remote attackers to cause a denial of service (application crash) via a malformed
ghsa_unreviewed·2022-05-01·CVSS 4.3
CVE-2007-6235 [MEDIUM] CWE-20 GHSA-5mc3-fgcf-rc9v: A certain ActiveX control in RealNetworks RealPlayer 11 allows remote attackers to cause a denial of service (application crash) via a malformed
A certain ActiveX control in RealNetworks RealPlayer 11 allows remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error. NOTE: this might be related to CVE-2007-4904.
Red Hat
CVE-2007-4904: RealNetworks RealPlayer 10
vendor_redhat·CVSS 4.3
CVE-2007-4904 [MEDIUM] CVE-2007-4904: RealNetworks RealPlayer 10
RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player 1.0.6.778 on Fedora Core 6 (FC6) and possibly other platforms, allow user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error.
Statement: We do not consider a crash of a client application such as RealPlayer or Helix Player to be a security issue.
No detection rules found.
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/fulldisclosure/2007-09/0154.htmlhttp://osvdb.org/39904http://www.securityfocus.com/archive/1/479081/100/0/threadedhttp://www.securityfocus.com/bid/25627https://exchange.xforce.ibmcloud.com/vulnerabilities/36545http://archives.neohapsis.com/archives/fulldisclosure/2007-09/0154.htmlhttp://osvdb.org/39904http://www.securityfocus.com/archive/1/479081/100/0/threadedhttp://www.securityfocus.com/bid/25627https://exchange.xforce.ibmcloud.com/vulnerabilities/36545
2007-09-17
Published