CVE-2005-0191
RealPlayer 10.5 (6.0.12.1040) and earlier - Remote Code Execution via Long Tag in RMP File
Title source: llmDescription
Off-by-one buffer overflow in the processing of tags in Real Metadata Package (RMP) files in RealPlayer 10.5 (6.0.12.1040) and earlier could allow remote attackers to execute arbitrary code via a long tag.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18982
Patch, Vendor Advisory x_refsource_misc
http://www.ngssoftware.com/advisories/real-03full.txt
Third Party Advisory mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110616302008401&w=2
Patch, Vendor Advisory x_refsource_confirm
http://service.real.com/help/faq/security/040928_player/EN/
Third Party Advisory mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=109707741022291&w=2
Scores
EPSS
0.0659
EPSS Percentile
91.3%
Details
Status
published
Products (8)
realnetworks/realone_player
1.0
realnetworks/realone_player
2.0
realnetworks/realplayer
10.0 (3 CPE variants)
realnetworks/realplayer
10.0_6.0.12.690
realnetworks/realplayer
10.0_beta
realnetworks/realplayer
10.5
realnetworks/realplayer
10.5_6.0.12.1016_beta
realnetworks/realplayer
10.5_6.0.12.1040
Published
Jan 19, 2005
Tracked Since
Feb 18, 2026