PT-2005-3520 · Realnetworks · Dunzip32.Dll+2

Fang Xing

Published

2005-11-18

Updated

2017-07-11

CVE-2005-2630

CVSS v2.0

5.1

Medium

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions RealPlayer versions 8, 10, and 10.5 RealOne Player versions 1 and 2

Description A heap-based buffer overflow issue exists in the DUNZIP32.DLL component, allowing remote attackers to execute arbitrary code through a crafted RealPlayer Skin (RJS) file.

Recommendations For RealPlayer versions 8, 10, and 10.5, consider disabling the use of RealPlayer Skin (RJS) files until a patch is available. For RealOne Player versions 1 and 2, avoid using the DUNZIP32.DLL component for processing RJS files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-2630

Affected Products

Dunzip32.Dll

Realone Player

Realplayer

PT-2005-3520 · Realnetworks · Dunzip32.Dll+2

CVE-2005-2630

Related Identifiers

Affected Products

References · 12