CVE-2007-5080
Published 2007-10-31
CVE-2007-5080: Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary…
Priority P345 · critical 9.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 7.73% (93.9th percentile)
Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| realnetworks | realone_player | — | — |
| realnetworks | realone_player | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
CVSS provenance
nvd · v2.0 · 9.3 CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat · 9.3 CRITICAL
GHSA
GHSA-xg36-f7gx-cmx3: Integer overflow in RealNetworks RealPlayer 10 and 10
ghsa_unreviewed·2022-05-01
CVE-2007-5080 [HIGH] GHSA-xg36-f7gx-cmx3: Integer overflow in RealNetworks RealPlayer 10 and 10
Red Hat
CVE-2007-5080: Integer overflow in RealNetworks RealPlayer 10 and 10
vendor_redhat·CVSS 9.3
CVE-2007-5080 [CRITICAL] CVE-2007-5080: Integer overflow in RealNetworks RealPlayer 10 and 10
Statement: Not vulnerable. This issue did not affect the versions of RealPlayer as shipped with Red Hat Enterprise Linux 3 Extras, 4 Extras, or 5 Supplementary.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/27361
http://service.real.com/realplayer/security/10252007_player/en/
http://www.attrition.org/pipermail/vim/2007-October/001841.html
http://www.kb.cert.org/vuls/id/759385
http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-real-player-id3-tags/
http://www.securityfocus.com/bid/26214
http://www.securitytracker.com/id?1018866
http://www.vupen.com/english/advisories/2007/3628
https://exchange.xforce.ibmcloud.com/vulnerabilities/37434
Published: 2007-10-31