cvelistv5 - cve-2007-5080

CVE-2007-5080 (GCVE-0-2007-5080)

Vulnerability from cvelistv5 – Published: 2007-10-31 17:00 – Updated: 2024-08-07 15:17

Summary

Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://service.real.com/realplayer/security/10252…	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securitytracker.com/id?1018866	vdb-entryx_refsource_SECTRACK
	http://www.attrition.org/pipermail/vim/2007-Octob…	mailing-listx_refsource_VIM
	http://www.vupen.com/english/advisories/2007/3628	vdb-entryx_refsource_VUPEN
	http://www.ngssoftware.com/advisories/high-risk-v…	x_refsource_MISC
	http://www.kb.cert.org/vuls/id/759385	third-party-advisoryx_refsource_CERT-VN
	http://secunia.com/advisories/27361	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/26214	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:17:28.199Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://service.real.com/realplayer/security/10252007_player/en/"
          },
          {
            "name": "realplayer-mp3-bo(37434)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37434"
          },
          {
            "name": "1018866",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018866"
          },
          {
            "name": "20071030 RealPlayer Updates of October 25, 2007",
            "tags": [
              "mailing-list",
              "x_refsource_VIM",
              "x_transferred"
            ],
            "url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
          },
          {
            "name": "ADV-2007-3628",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3628"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-real-player-id3-tags/"
          },
          {
            "name": "VU#759385",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/759385"
          },
          {
            "name": "27361",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27361"
          },
          {
            "name": "26214",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26214"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-10-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://service.real.com/realplayer/security/10252007_player/en/"
        },
        {
          "name": "realplayer-mp3-bo(37434)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37434"
        },
        {
          "name": "1018866",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018866"
        },
        {
          "name": "20071030 RealPlayer Updates of October 25, 2007",
          "tags": [
            "mailing-list",
            "x_refsource_VIM"
          ],
          "url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
        },
        {
          "name": "ADV-2007-3628",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3628"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-real-player-id3-tags/"
        },
        {
          "name": "VU#759385",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/759385"
        },
        {
          "name": "27361",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27361"
        },
        {
          "name": "26214",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26214"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5080",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://service.real.com/realplayer/security/10252007_player/en/",
              "refsource": "CONFIRM",
              "url": "http://service.real.com/realplayer/security/10252007_player/en/"
            },
            {
              "name": "realplayer-mp3-bo(37434)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37434"
            },
            {
              "name": "1018866",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018866"
            },
            {
              "name": "20071030 RealPlayer Updates of October 25, 2007",
              "refsource": "VIM",
              "url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
            },
            {
              "name": "ADV-2007-3628",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3628"
            },
            {
              "name": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-real-player-id3-tags/",
              "refsource": "MISC",
              "url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-real-player-id3-tags/"
            },
            {
              "name": "VU#759385",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/759385"
            },
            {
              "name": "27361",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27361"
            },
            {
              "name": "26214",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26214"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5080",
    "datePublished": "2007-10-31T17:00:00",
    "dateReserved": "2007-09-24T00:00:00",
    "dateUpdated": "2024-08-07T15:17:28.199Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realone_player:1.0:*:windows:en:*:*:*:*\", \"matchCriteriaId\": \"880F633E-3833-4E07-91AE-F11E77DC3AF4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realone_player:2.0:*:windows:*:*:*:*:*\", \"matchCriteriaId\": \"72F332E7-13EA-447D-8116-7CD404120040\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:10.0:*:windows:*:*:*:*:*\", \"matchCriteriaId\": \"15FABF57-B77B-49FF-BEAF-1E0D6BD4B66F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1040:windows:*:*:*:*:*\", \"matchCriteriaId\": \"FB3CC6D6-334F-4F9C-8A5C-7EC3DCACEC50\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1578:windows:*:*:*:*:*\", \"matchCriteriaId\": \"414712E9-6901-4D33-B970-36CC238D4257\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1698:windows:*:*:*:*:*\", \"matchCriteriaId\": \"35AAD3FF-B70E-46CB-A3C1-34B2412EE6EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1741:windows:*:*:*:*:*\", \"matchCriteriaId\": \"FA78969A-CBAE-4B67-96E7-F7EC9FD78E38\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:windows:en:*:*:*:*\", \"matchCriteriaId\": \"B9BA3DF0-9785-4F70-A9A3-38F657B52AA7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de entero en RealNetworks RealPlayer 10 y 10.5, REalOne Player 1, y RealPlayer Enterprise para Windows permite a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n mediante una etiqueta Lyrics3 2.00 manipulada en un archivo MP3, resultando en un desbordamiento de b\\u00fafer basado en mont\\u00edculo.\"}]",
      "id": "CVE-2007-5080",
      "lastModified": "2024-11-21T00:37:04.800",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2007-10-31T17:46:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/27361\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://service.real.com/realplayer/security/10252007_player/en/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.attrition.org/pipermail/vim/2007-October/001841.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/759385\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-real-player-id3-tags/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/26214\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1018866\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/3628\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/37434\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/27361\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://service.real.com/realplayer/security/10252007_player/en/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.attrition.org/pipermail/vim/2007-October/001841.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/759385\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-real-player-id3-tags/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/26214\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1018866\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/3628\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/37434\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vendorComments": "[{\"organization\": \"Red Hat\", \"comment\": \"Not vulnerable. This issue did not affect the versions of RealPlayer as shipped with Red Hat Enterprise Linux 3 Extras, 4 Extras, or 5 Supplementary.\", \"lastModified\": \"2007-11-01T00:00:00\"}]",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-189\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-5080\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-10-31T17:46:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de entero en RealNetworks RealPlayer 10 y 10.5, REalOne Player 1, y RealPlayer Enterprise para Windows permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una etiqueta Lyrics3 2.00 manipulada en un archivo MP3, resultando en un desbordamiento de b\u00fafer basado en mont\u00edculo.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-189\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realone_player:1.0:*:windows:en:*:*:*:*\",\"matchCriteriaId\":\"880F633E-3833-4E07-91AE-F11E77DC3AF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realone_player:2.0:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"72F332E7-13EA-447D-8116-7CD404120040\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:10.0:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"15FABF57-B77B-49FF-BEAF-1E0D6BD4B66F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1040:windows:*:*:*:*:*\",\"matchCriteriaId\":\"FB3CC6D6-334F-4F9C-8A5C-7EC3DCACEC50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1578:windows:*:*:*:*:*\",\"matchCriteriaId\":\"414712E9-6901-4D33-B970-36CC238D4257\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1698:windows:*:*:*:*:*\",\"matchCriteriaId\":\"35AAD3FF-B70E-46CB-A3C1-34B2412EE6EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1741:windows:*:*:*:*:*\",\"matchCriteriaId\":\"FA78969A-CBAE-4B67-96E7-F7EC9FD78E38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:windows:en:*:*:*:*\",\"matchCriteriaId\":\"B9BA3DF0-9785-4F70-A9A3-38F657B52AA7\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/27361\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://service.real.com/realplayer/security/10252007_player/en/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.attrition.org/pipermail/vim/2007-October/001841.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/759385\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-real-player-id3-tags/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/26214\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1018866\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/3628\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/37434\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/27361\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://service.real.com/realplayer/security/10252007_player/en/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.attrition.org/pipermail/vim/2007-October/001841.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/759385\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-real-player-id3-tags/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/26214\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1018866\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/3628\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/37434\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Not vulnerable. This issue did not affect the versions of RealPlayer as shipped with Red Hat Enterprise Linux 3 Extras, 4 Extras, or 5 Supplementary.\",\"lastModified\":\"2007-11-01T00:00:00\"}]}}"
  }
}

FKIE_CVE-2007-5080

Vulnerability from fkie_nvd - Published: 2007-10-31 17:46 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/27361	Patch, Vendor Advisory
cve@mitre.org	http://service.real.com/realplayer/security/10252007_player/en/	Patch
cve@mitre.org	http://www.attrition.org/pipermail/vim/2007-October/001841.html
cve@mitre.org	http://www.kb.cert.org/vuls/id/759385	US Government Resource
cve@mitre.org	http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-real-player-id3-tags/
cve@mitre.org	http://www.securityfocus.com/bid/26214
cve@mitre.org	http://www.securitytracker.com/id?1018866
cve@mitre.org	http://www.vupen.com/english/advisories/2007/3628
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/37434
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27361	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://service.real.com/realplayer/security/10252007_player/en/	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.attrition.org/pipermail/vim/2007-October/001841.html
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/759385	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-real-player-id3-tags/
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26214
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018866
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3628
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/37434

Impacted products

Vendor	Product	Version
realnetworks	realone_player	1.0
realnetworks	realone_player	2.0
realnetworks	realplayer	10.0
realnetworks	realplayer	10.5
realnetworks	realplayer	10.5
realnetworks	realplayer	10.5
realnetworks	realplayer	10.5
realnetworks	realplayer_enterprise	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:realnetworks:realone_player:1.0:*:windows:en:*:*:*:*",
              "matchCriteriaId": "880F633E-3833-4E07-91AE-F11E77DC3AF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:windows:*:*:*:*:*",
              "matchCriteriaId": "72F332E7-13EA-447D-8116-7CD404120040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:windows:*:*:*:*:*",
              "matchCriteriaId": "15FABF57-B77B-49FF-BEAF-1E0D6BD4B66F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1040:windows:*:*:*:*:*",
              "matchCriteriaId": "FB3CC6D6-334F-4F9C-8A5C-7EC3DCACEC50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1578:windows:*:*:*:*:*",
              "matchCriteriaId": "414712E9-6901-4D33-B970-36CC238D4257",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1698:windows:*:*:*:*:*",
              "matchCriteriaId": "35AAD3FF-B70E-46CB-A3C1-34B2412EE6EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1741:windows:*:*:*:*:*",
              "matchCriteriaId": "FA78969A-CBAE-4B67-96E7-F7EC9FD78E38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:windows:en:*:*:*:*",
              "matchCriteriaId": "B9BA3DF0-9785-4F70-A9A3-38F657B52AA7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de entero en RealNetworks RealPlayer 10 y 10.5, REalOne Player 1, y RealPlayer Enterprise para Windows permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una etiqueta Lyrics3 2.00 manipulada en un archivo MP3, resultando en un desbordamiento de b\u00fafer basado en mont\u00edculo."
    }
  ],
  "id": "CVE-2007-5080",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-10-31T17:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27361"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://service.real.com/realplayer/security/10252007_player/en/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/759385"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-real-player-id3-tags/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26214"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018866"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/3628"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37434"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27361"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://service.real.com/realplayer/security/10252007_player/en/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/759385"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-real-player-id3-tags/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26214"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018866"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3628"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37434"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable. This issue did not affect the versions of RealPlayer as shipped with Red Hat Enterprise Linux 3 Extras, 4 Extras, or 5 Supplementary.",
      "lastModified": "2007-11-01T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2007-AVI-457

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités permettant à une personne malintentionnée d'exécuter du code arbitraire à distance ont été identifiées dans RealPlayer.

Description

Cinq vulnérabilités ont été identifiées dans le lecteur multimédia RealPlayer. Elles sont dues à des débordements de mémoire qu'une personne malintentionnée distante peut exploiter en incitant l'utilisateur à ouvrir un fichier au format mp3, rm, SMIL, swf, ram ou pls spécialement construit.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	RealPlayer 10 sur Microsoft Windows ;
Apple	macOS	RealOne Player sur MacOs ;
Microsoft	N/A	RealPlayer 10 (10.0.5 - 10.0.8) sur Linux ;
Apple	macOS	Realplayer 10.1 (10.0.0.305 - 10.0.0.331, 10.0.0.352, 10.0.0.396 - 10.0.0.412, 10.0.0.481) sur MacOS ;
Microsoft	Windows	RealPlayer Enterprise sur Microsoft Windows ;
Microsoft	Windows	RealOne Player v1 sur Microsoft Windows ;
Microsoft	Windows	RealPlayer 10.5 (6.0.12.1040 - 6.0.12.1578, 6.0.12.1698, 6.0.12.1741) sur Microsoft Windows ;
Microsoft	Windows	RealPlayer 8 sur Microsoft Windows ;
Microsoft	Windows	RealOne Player v2 sur Microsoft Windows ;
N/A	N/A	Helix Player (10.0.5 - 10.0.8) sur Linux.

References

Title

Publication Time

Tags

Bulletin de sécurité de RealNetworks du 25 octobre 2007

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "RealPlayer 10 sur Microsoft Windows ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "RealOne Player sur MacOs ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "RealPlayer 10 (10.0.5 - 10.0.8) sur Linux ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Realplayer 10.1 (10.0.0.305 - 10.0.0.331, 10.0.0.352, 10.0.0.396 - 10.0.0.412, 10.0.0.481) sur MacOS ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "RealPlayer Enterprise sur Microsoft Windows ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "RealOne Player v1 sur Microsoft Windows ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "RealPlayer 10.5 (6.0.12.1040 - 6.0.12.1578, 6.0.12.1698, 6.0.12.1741) sur Microsoft Windows ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "RealPlayer 8 sur Microsoft Windows ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "RealOne Player v2 sur Microsoft Windows ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Helix Player (10.0.5 - 10.0.8) sur Linux.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nCinq vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le lecteur multim\u00e9dia\nRealPlayer. Elles sont dues \u00e0 des d\u00e9bordements de m\u00e9moire qu\u0027une\npersonne malintentionn\u00e9e distante peut exploiter en incitant\nl\u0027utilisateur \u00e0 ouvrir un fichier au format mp3, rm, SMIL, swf, ram ou\npls sp\u00e9cialement construit.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5081"
    },
    {
      "name": "CVE-2007-4599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4599"
    },
    {
      "name": "CVE-2007-2263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2263"
    },
    {
      "name": "CVE-2007-5080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5080"
    },
    {
      "name": "CVE-2007-2264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2264"
    },
    {
      "name": "CVE-2007-3410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3410"
    }
  ],
  "links": [],
  "reference": "CERTA-2007-AVI-457",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-10-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s permettant \u00e0 une personne malintentionn\u00e9e\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance ont \u00e9t\u00e9 identifi\u00e9es dans\nRealPlayer.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans RealPlayer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 de RealNetworks du 25 octobre 2007",
      "url": "http://service.real.com/main.html"
    }
  ]
}

CERTA-2007-AVI-457

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités permettant à une personne malintentionnée d'exécuter du code arbitraire à distance ont été identifiées dans RealPlayer.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	RealPlayer 10 sur Microsoft Windows ;
Apple	macOS	RealOne Player sur MacOs ;
Microsoft	N/A	RealPlayer 10 (10.0.5 - 10.0.8) sur Linux ;
Apple	macOS	Realplayer 10.1 (10.0.0.305 - 10.0.0.331, 10.0.0.352, 10.0.0.396 - 10.0.0.412, 10.0.0.481) sur MacOS ;
Microsoft	Windows	RealPlayer Enterprise sur Microsoft Windows ;
Microsoft	Windows	RealOne Player v1 sur Microsoft Windows ;
Microsoft	Windows	RealPlayer 10.5 (6.0.12.1040 - 6.0.12.1578, 6.0.12.1698, 6.0.12.1741) sur Microsoft Windows ;
Microsoft	Windows	RealPlayer 8 sur Microsoft Windows ;
Microsoft	Windows	RealOne Player v2 sur Microsoft Windows ;
N/A	N/A	Helix Player (10.0.5 - 10.0.8) sur Linux.

References

Title

Publication Time

Tags

Bulletin de sécurité de RealNetworks du 25 octobre 2007

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "RealPlayer 10 sur Microsoft Windows ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "RealOne Player sur MacOs ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "RealPlayer 10 (10.0.5 - 10.0.8) sur Linux ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Realplayer 10.1 (10.0.0.305 - 10.0.0.331, 10.0.0.352, 10.0.0.396 - 10.0.0.412, 10.0.0.481) sur MacOS ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "RealPlayer Enterprise sur Microsoft Windows ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "RealOne Player v1 sur Microsoft Windows ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "RealPlayer 10.5 (6.0.12.1040 - 6.0.12.1578, 6.0.12.1698, 6.0.12.1741) sur Microsoft Windows ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "RealPlayer 8 sur Microsoft Windows ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "RealOne Player v2 sur Microsoft Windows ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Helix Player (10.0.5 - 10.0.8) sur Linux.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nCinq vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le lecteur multim\u00e9dia\nRealPlayer. Elles sont dues \u00e0 des d\u00e9bordements de m\u00e9moire qu\u0027une\npersonne malintentionn\u00e9e distante peut exploiter en incitant\nl\u0027utilisateur \u00e0 ouvrir un fichier au format mp3, rm, SMIL, swf, ram ou\npls sp\u00e9cialement construit.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5081"
    },
    {
      "name": "CVE-2007-4599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4599"
    },
    {
      "name": "CVE-2007-2263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2263"
    },
    {
      "name": "CVE-2007-5080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5080"
    },
    {
      "name": "CVE-2007-2264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2264"
    },
    {
      "name": "CVE-2007-3410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3410"
    }
  ],
  "links": [],
  "reference": "CERTA-2007-AVI-457",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-10-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s permettant \u00e0 une personne malintentionn\u00e9e\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance ont \u00e9t\u00e9 identifi\u00e9es dans\nRealPlayer.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans RealPlayer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 de RealNetworks du 25 octobre 2007",
      "url": "http://service.real.com/main.html"
    }
  ]
}

GSD-2007-5080

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-5080

Aliases

CVE-2007-5080

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-5080",
    "description": "Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow.",
    "id": "GSD-2007-5080",
    "references": [
      "https://www.suse.com/security/cve/CVE-2007-5080.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-5080"
      ],
      "details": "Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow.",
      "id": "GSD-2007-5080",
      "modified": "2023-12-13T01:21:41.249946Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-5080",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://service.real.com/realplayer/security/10252007_player/en/",
            "refsource": "CONFIRM",
            "url": "http://service.real.com/realplayer/security/10252007_player/en/"
          },
          {
            "name": "realplayer-mp3-bo(37434)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37434"
          },
          {
            "name": "1018866",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018866"
          },
          {
            "name": "20071030 RealPlayer Updates of October 25, 2007",
            "refsource": "VIM",
            "url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
          },
          {
            "name": "ADV-2007-3628",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/3628"
          },
          {
            "name": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-real-player-id3-tags/",
            "refsource": "MISC",
            "url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-real-player-id3-tags/"
          },
          {
            "name": "VU#759385",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/759385"
          },
          {
            "name": "27361",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27361"
          },
          {
            "name": "26214",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/26214"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realone_player:2.0:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:10.0:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1698:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1741:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realone_player:1.0:*:windows:en:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:windows:en:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1040:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:10.5:6.0.12.1578:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5080"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-189"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-real-player-id3-tags/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-real-player-id3-tags/"
            },
            {
              "name": "http://service.real.com/realplayer/security/10252007_player/en/",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://service.real.com/realplayer/security/10252007_player/en/"
            },
            {
              "name": "20071030 RealPlayer Updates of October 25, 2007",
              "refsource": "VIM",
              "tags": [],
              "url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
            },
            {
              "name": "26214",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/26214"
            },
            {
              "name": "1018866",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018866"
            },
            {
              "name": "27361",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27361"
            },
            {
              "name": "VU#759385",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/759385"
            },
            {
              "name": "ADV-2007-3628",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/3628"
            },
            {
              "name": "realplayer-mp3-bo(37434)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37434"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-07-29T01:33Z",
      "publishedDate": "2007-10-31T17:46Z"
    }
  }
}

GHSA-XG36-F7GX-CMX3

Vulnerability from github – Published: 2022-05-01 18:29 – Updated: 2025-04-09 03:47

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-5080"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-10-31T17:46:00Z",
    "severity": "HIGH"
  },
  "details": "Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow.",
  "id": "GHSA-xg36-f7gx-cmx3",
  "modified": "2025-04-09T03:47:58Z",
  "published": "2022-05-01T18:29:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5080"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37434"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27361"
    },
    {
      "type": "WEB",
      "url": "http://service.real.com/realplayer/security/10252007_player/en"
    },
    {
      "type": "WEB",
      "url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/759385"
    },
    {
      "type": "WEB",
      "url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-real-player-id3-tags"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26214"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018866"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/3628"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-5080 (GCVE-0-2007-5080)

FKIE_CVE-2007-5080

CERTA-2007-AVI-457

Description

Solution

CERTA-2007-AVI-457

Description

Solution

GSD-2007-5080

GHSA-XG36-F7GX-CMX3

Tags

Sightings

Nomenclature