CVE-2007-4904

Realnetworks Helix Player - Numeric Error

Title source: rule

Description

RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player 1.0.6.778 on Fedora Core 6 (FC6) and possibly other platforms, allow user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error.

Exploits (1)

exploitdb WORKING POC

pythondoswindows

https://www.exploit-db.com/exploits/4683

View Code ZIP pw:eip

References (5)

[Third Party Advisory] http://archives.neohapsis.com/archives/fulldisclosure/2007-09/0154.html

[Exploit] http://www.securityfocus.com/bid/25627

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/36545

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/479081/100/0/threaded

[Third Party Advisory, VDB Entry] http://osvdb.org/39904

Scores

EPSS 0.0572

EPSS Percentile 90.5%

Details

CWE

CWE-189

Status published

Products (5)

realnetworks/helix_player 1.0.6

realnetworks/realplayer 10.0.8

realnetworks/realplayer 10.0.9

realnetworks/realplayer 10.1

realnetworks/realplayer 10.5-gold

Published Sep 17, 2007

Tracked Since Feb 18, 2026