CVE-2007-5601

Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta, and earlier versions including 10, RealOne Player, and RealOne Player 2, allows remote attackers to execute arbitrary code via certain playlist names, as demonstrated via the import method to the IERPCtl ActiveX control in ierpplug.dll.

Published: Oct 20, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-5601
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
realnetworks / realplayer	10.0	10.0.x
realnetworks / realplayer	11_beta	11_beta.x
realnetworks / realplayer	10.5	10.5.x

http://secunia.com/advisories/27248
http://service.real.com/realplayer/security/191007_player/en/
http://www.infosecblog.org/2007/10/nasa-bans-ie.html
http://www.kb.cert.org/vuls/id/871673
http://www.securityfocus.com/bid/26130
http://www.securitytracker.com/id?1018843
http://www.symantec.com/enterprise/security_response/weblog/2007/10/realplayer_exploit_on_the_loos.html
http://www.us-cert.gov/cas/techalerts/TA07-297A.html
http://www.vupen.com/english/advisories/2007/3548
https://exchange.xforce.ibmcloud.com/vulnerabilities/37280

Vulnerability Database

CVE-2007-5601