Vulnerability Details : CVE-2005-0455
Public exploit exists!
Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed function in smlparse.cpp for RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1 allows remote attackers to execute arbitrary code via a .SMIL file with a large system-screen-size value.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2005-0455
Probability of exploitation activity in the next 30 days: 46.80%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2005-0455
-
RealNetworks RealPlayer SMIL Buffer Overflow
Disclosure Date: 2005-03-01First seen: 2020-04-26exploit/windows/browser/realplayer_smilThis module exploits a stack buffer overflow in RealNetworks RealPlayer 10 and 8. By creating a URL link to a malicious SMIL file, a remote attacker could overflow a buffer and execute arbitrary code. When using this module, be sure to set the URIPATH with an exten
CVSS scores for CVE-2005-0455
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.1
|
MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
4.9
|
6.4
|
NIST |
References for CVE-2005-0455
-
http://www.idefense.com/application/poi/display?id=209&type=vulnerabilities
Patch;Vendor Advisory
-
http://www.redhat.com/support/errata/RHSA-2005-265.html
Patch;Vendor Advisory
- http://www.redhat.com/support/errata/RHSA-2005-271.html
-
http://service.real.com/help/faq/security/050224_player
Patch;Vendor Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10926