Description
Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via (1) a Synchronized Multimedia Integration Language (SMIL) file with a long parameter, (2) a long long filename in a rtsp:// request, e.g. from a .m3u file, or (3) certain "Now Playing" options on a downloaded file with a long filename.
References (5)
Core 5
Core References
Various Sources x_refsource_confirm
http://service.real.com/help/faq/security/bufferoverrun_player.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/6229
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=103808645120764&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/6227
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/10677
Scores
EPSS
0.0385
EPSS Percentile
88.3%
Details
Status
published
Products (5)
realnetworks/realone_player
2.0
realnetworks/realplayer
realnetworks/realplayer
6.0
realnetworks/realplayer
7.0
realnetworks/realplayer
8.0
Published
Dec 11, 2002
Tracked Since
Feb 18, 2026