CVE-2007-2264

Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA header.

Published: Oct 31, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-2264
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
realnetworks / realplayer	10.0-10.0.7	10.0-10.0.7.x
realnetworks / realplayer	10.5-6.0.12.1040	10.5-6.0.12.1040.x
realnetworks / realplayer	10.5-6.0.12.1741	10.5-6.0.12.1741.x
realnetworks / realone_player	2.0	2.0.x
realnetworks / realplayer	10.0-10.0.9	10.0-10.0.9.x
realnetworks / realplayer	8.0	8.0.x
realnetworks / realone_player	1.0	1.0.x
realnetworks / realplayer_enterprise	-	-
realnetworks / realplayer	10.1-10.0.0._481	10.1-10.0.0._481.x
realnetworks / realplayer	10.1-10.0.0.396	10.1-10.0.0.396.x
realnetworks / realplayer	10.5-6.0.12.1578	10.5-6.0.12.1578.x
realnetworks / realplayer	10.0-10.0.8	10.0-10.0.8.x
realnetworks / realplayer	10.5-6.0.12.1698	10.5-6.0.12.1698.x
realnetworks / realplayer	10.0-10.0.0.305	10.0-10.0.0.305.x
realnetworks / realplayer	10.1-10.0.0.412	10.1-10.0.0.412.x
realnetworks / realplayer	10.0-10.0.0.352	10.0-10.0.0.352.x
realnetworks / realplayer	10.0-10.0.6	10.0-10.0.6.x
realnetworks / realone_player	-	-
realnetworks / realplayer	10.0-10.0.5	10.0-10.0.5.x
realnetworks / realplayer	10.0	10.0.x
realnetworks / realplayer	10.0-10.0.0.331	10.0-10.0.0.331.x

Vulnerability Database

289,871

CVE-2007-2264