CVE-2006-0323 — HIGH (9.3) — White Hats Nepal

Vulnerability Description

Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Realnetworks	Helix Player	All versions
Realnetworks	Realone Player	All versions
Realnetworks	Realplayer	10.0
Realnetworks	Rhapsody	3

Related Weaknesses (CWE)

CWE-119

References

http://secunia.com/advisories/19358Vendor Advisory
http://secunia.com/advisories/19362PatchVendor Advisory
http://secunia.com/advisories/19365PatchVendor Advisory
http://secunia.com/advisories/19390Vendor Advisory
http://securityreason.com/securityalert/690
http://securitytracker.com/id?1015806
http://www.gentoo.org/security/en/glsa/glsa-200603-24.xmlPatchVendor Advisory
http://www.kb.cert.org/vuls/id/231028PatchThird Party AdvisoryUS Government Resource
http://www.novell.com/linux/security/advisories/2006_18_realplayer.htmlPatchVendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0257.htmlPatchVendor Advisory
http://www.securityfocus.com/archive/1/430621/100/0/threaded
http://www.securityfocus.com/bid/17202Exploit
http://www.service.real.com/realplayer/security/03162006_player/en/Patch
http://www.vupen.com/english/advisories/2006/1057
https://exchange.xforce.ibmcloud.com/vulnerabilities/25408

FAQ

What is CVE-2006-0323?

CVE-2006-0323 is a vulnerability with a CVSS score of 9.3 (HIGH). Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary cod...

How severe is CVE-2006-0323?

CVE-2006-0323 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-0323?

Check the references section above for vendor advisories and patch information. Affected products include: Realnetworks Helix Player, Realnetworks Realone Player, Realnetworks Realplayer, Realnetworks Rhapsody.