PT-2004-1537 · Realnetworks · Realplayer+2

Published

2004-04-16

Updated

2017-07-11

CVE-2004-0387

CVSS v2.0

5.1

Medium

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions RealPlayer version 8 RealOne Player (affected versions not specified) RealOne Player 10 beta RealOne Player Enterprise (affected versions not specified)

Description The issue is a stack-based buffer overflow in the RT3 plugin. This allows remote attackers to execute arbitrary code via a malformed .R3T file.

Recommendations For RealPlayer version 8, update to a version that does not use the vulnerable RT3 plugin. For RealOne Player, RealOne Player 10 beta, and RealOne Player Enterprise, at the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-0387

Affected Products

Rt3 Plugin

Realone Player

Realplayer

PT-2004-1537 · Realnetworks · Realplayer+2

CVE-2004-0387

Related Identifiers

Affected Products

References · 9