Vulnerability Description
Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF (Flash) file with malformed record headers.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Realnetworks | Realone Player | All versions |
| Realnetworks | Realplayer | 10.0 |
| Realnetworks | Realplayer Enterprise | All versions |
Related Weaknesses (CWE)
References
- http://osvdb.org/38344
- http://secunia.com/advisories/27361PatchVendor Advisory
- http://service.real.com/realplayer/security/10252007_player/en/Patch
- http://www.attrition.org/pipermail/vim/2007-October/001841.html
- http://www.securityfocus.com/archive/1/483110/100/0/threaded
- http://www.securityfocus.com/bid/26214Patch
- http://www.securityfocus.com/bid/26284
- http://www.securitytracker.com/id?1018866
- http://www.vupen.com/english/advisories/2007/3628Vendor Advisory
- http://www.zerodayinitiative.com/advisories/ZDI-07-061.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37436
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://osvdb.org/38344
- http://secunia.com/advisories/27361PatchVendor Advisory
- http://service.real.com/realplayer/security/10252007_player/en/Patch
FAQ
What is CVE-2007-2263?
CVE-2007-2263 is a vulnerability with a CVSS score of 9.3 (HIGH). Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF (Flash) file...
How severe is CVE-2007-2263?
CVE-2007-2263 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2263?
Check the references section above for vendor advisories and patch information. Affected products include: Realnetworks Realone Player, Realnetworks Realplayer, Realnetworks Realplayer Enterprise.