Vulnerability Description
Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a .rm movie file with a large length field for the data chunk, which leads to a heap-based buffer overflow.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Realnetworks | Helix Player | 1.0 |
| Realnetworks | Realone Player | 1.0 |
| Realnetworks | Realplayer | - |
References
- http://marc.info/?l=ntbugtraq&m=109708374115061&w=2Mailing ListThird Party Advisory
- http://secunia.com/advisories/12672Third Party Advisory
- http://www.securityfocus.com/bid/11309PatchThird Party AdvisoryVDB Entry
- http://www.service.real.com/help/faq/security/040928_player/EN/Broken Link
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17549Third Party AdvisoryVDB Entry
- http://marc.info/?l=ntbugtraq&m=109708374115061&w=2Mailing ListThird Party Advisory
- http://secunia.com/advisories/12672Third Party Advisory
- http://www.securityfocus.com/bid/11309PatchThird Party AdvisoryVDB Entry
- http://www.service.real.com/help/faq/security/040928_player/EN/Broken Link
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17549Third Party AdvisoryVDB Entry
FAQ
What is CVE-2004-1481?
CVE-2004-1481 is a vulnerability with a CVSS score of 5.1 (MEDIUM). Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL fi...
How severe is CVE-2004-1481?
CVE-2004-1481 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1481?
Check the references section above for vendor advisories and patch information. Affected products include: Realnetworks Helix Player, Realnetworks Realone Player, Realnetworks Realplayer.