Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2007-3410

Disclosure Date: June 26, 2007
CVE-2007-3410
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

References

Canonical
CVE-2007-3410 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3410)
BID-24658 (http://www.securityfocus.com/bid/24658)
Advisory
http://service.real.com/realplayer/security/10252007_player/en
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10554
SECUNIA-26463 (http://secunia.com/advisories/26463)
GLSA-200709-05 (http://security.gentoo.org/glsa/glsa-200709-05.xml)
ADV-2007-2339 (http://www.vupen.com/english/advisories/2007/2339)
XF-realplayer-smiltime-wallclockvalue-bo(35088) (https://exchange.xforce.ibmcloud.com/vulnerabilities/35088)
http://www.redhat.com/support/errata/RHSA-2007-0841.html
SECUNIA-26828 (http://secunia.com/advisories/26828)
OSVDB-38342 (http://osvdb.org/38342)
VU#770904 (http://www.kb.cert.org/vuls/id/770904)
http://www.redhat.com/support/errata/RHSA-2007-0605.html
SECUNIA-25859 (http://secunia.com/advisories/25859)
OSVDB-37374 (http://osvdb.org/37374)
ADV-2007-3628 (http://www.vupen.com/english/advisories/2007/3628)
SECUNIA-25819 (http://secunia.com/advisories/25819)
SECTRACK-1018297 (http://securitytracker.com/id?1018297)
SECUNIA-27361 (http://secunia.com/advisories/27361)
SECTRACK-1018299 (http://securitytracker.com/id?1018299)
Miscellaneous
20070626 RealNetworks RealPlayer/HelixPlayer SMIL wallclock Stack Overflow Vulnerability (http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547)
20071030 RealPlayer Updates of October 25, 2007 (http://www.attrition.org/pipermail/vim/2007-October/001841.html)

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis