FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-3410

This CVE name corresponds to:

Entered Topic
2008-01-04 linux-realplayer -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2007-3410
Phase Assigned(20070626)

Description

Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value.

References

Source Reference
IDEFENSE 20070626 RealNetworks RealPlayer/HelixPlayer SMIL wallclock Stack Overflow Vulnerability
CONFIRM http://service.real.com/realplayer/security/10252007_player/en/
GENTOO GLSA-200709-05
REDHAT RHSA-2007:0605
REDHAT RHSA-2007:0841
CERT-VN VU#770904
VIM 20071030 RealPlayer Updates of October 25, 2007
BID 24658
OSVDB 38342
OVAL oval:org.mitre.oval:def:10554
VUPEN ADV-2007-2339
VUPEN ADV-2007-3628
OSVDB 37374
SECTRACK 1018297
SECTRACK 1018299
SECUNIA 25819
SECUNIA 25859
SECUNIA 26463
SECUNIA 26828
SECUNIA 27361
XF realplayer-smiltime-wallclockvalue-bo(35088)