CVE - CVE-2007-3410

CVE-ID
CVE-2007-3410	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:24658 URL:http://www.securityfocus.com/bid/24658 CERT-VN:VU#770904 URL:http://www.kb.cert.org/vuls/id/770904 CONFIRM:http://service.real.com/realplayer/security/10252007_player/en/ GENTOO:GLSA-200709-05 URL:http://security.gentoo.org/glsa/glsa-200709-05.xml IDEFENSE:20070626 RealNetworks RealPlayer/HelixPlayer SMIL wallclock Stack Overflow Vulnerability URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547 OSVDB:37374 URL:~~http://osvdb.org/37374~~ (Obsolete source) OSVDB:38342 URL:~~http://osvdb.org/38342~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:10554 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10554 REDHAT:RHSA-2007:0605 URL:http://www.redhat.com/support/errata/RHSA-2007-0605.html REDHAT:RHSA-2007:0841 URL:http://www.redhat.com/support/errata/RHSA-2007-0841.html SECTRACK:1018297 URL:http://securitytracker.com/id?1018297 SECTRACK:1018299 URL:http://securitytracker.com/id?1018299 SECUNIA:25819 URL:http://secunia.com/advisories/25819 SECUNIA:25859 URL:http://secunia.com/advisories/25859 SECUNIA:26463 URL:http://secunia.com/advisories/26463 SECUNIA:26828 URL:http://secunia.com/advisories/26828 SECUNIA:27361 URL:http://secunia.com/advisories/27361 VIM:20071030 RealPlayer Updates of October 25, 2007 URL:http://www.attrition.org/pipermail/vim/2007-October/001841.html VUPEN:ADV-2007-2339 URL:~~http://www.vupen.com/english/advisories/2007/2339~~ (Obsolete source) VUPEN:ADV-2007-3628 URL:~~http://www.vupen.com/english/advisories/2007/3628~~ (Obsolete source) XF:realplayer-smiltime-wallclockvalue-bo(35088) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/35088
Assigning CNA
MITRE Corporation
Date Record Created
20070626	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070626)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)