Vulnerability Description
Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the (1) image handle or (2) timeformat attribute in a RealPix (.rp) or RealText (.rt) file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Realnetworks | Helix Player | All versions |
| Realnetworks | Realplayer | 10.0 |
References
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168078Vendor Advisory
- http://marc.info/?l=bugtraq&m=112785544325326&w=2
- http://marc.info/?l=full-disclosure&m=112775929608219&w=2
- http://secunia.com/advisories/16954
- http://secunia.com/advisories/16961
- http://secunia.com/advisories/16981
- http://secunia.com/advisories/17116
- http://secunia.com/advisories/17127
- http://securityreason.com/securityalert/27
- http://securityreason.com/securityalert/41
- http://www.debian.org/security/2005/dsa-826Vendor Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200510-07.xml
- http://www.idefense.com/application/poi/display?id=311&type=vulnerabilitiesVendor Advisory
- http://www.kb.cert.org/vuls/id/361181Third Party AdvisoryUS Government Resource
- http://www.novell.com/linux/security/advisories/2005_59_RealPlayer.html
FAQ
What is CVE-2005-2710?
CVE-2005-2710 is a vulnerability with a CVSS score of 5.1 (MEDIUM). Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the (1) image handle or (2) timeformat attribute in a RealPix (.rp) or RealText ...
How severe is CVE-2005-2710?
CVE-2005-2710 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-2710?
Check the references section above for vendor advisories and patch information. Affected products include: Realnetworks Helix Player, Realnetworks Realplayer.