CVE-2007-5601 Information
Description
Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta and earlier versions including 10 RealOne Player and RealOne Player 2 allows remote attackers to execute arbitrary code via certain playlist names as demonstrated via the import method to the IERPCtl ActiveX control in ierpplug.dll.
Reference
http://secunia.com/advisories/27248 http://service.real.com/realplayer/security/191007_player/en/ http://www.infosecblog.org/2007/10/nasa-bans-ie.html http://www.kb.cert.org/vuls/id/871673 http://www.securityfocus.com/bid/26130 http://www.securitytracker.com/id?1018843 http://www.symantec.com/enterprise/security_response/weblog/2007/10/realplayer_exploit_on_the_loos.html http://www.us-cert.gov/cas/techalerts/TA07-297A.html http://www.vupen.com/english/advisories/2007/3548 https://exchange.xforce.ibmcloud.com/vulnerabilities/37280
Share on: