Bug 119017

Summary: VUL-0: realplayer: format string bug
Product: [openSUSE] SUSE Linux 10.1 Reporter: Thomas Biege <thomas>
Component: OtherAssignee: Stanislav Brabec <sbrabec>
Status: RESOLVED DUPLICATE QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: patch-request, security-team
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: All   
Whiteboard: CVE-2005-2710: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Thomas Biege 2005-09-27 14:18:45 UTC 
Hello Stanislav,
there is another issue with realplayer:
http://www.open-security.org/advisories/13
https://helixcommunity.org/projects/player/
Comment 3 Marcus Meissner 2005-09-28 04:58:55 UTC 
its a dup of the 106048. see Donas mail inside there  

*** This bug has been marked as a duplicate of 106048 ***
Comment 4 Thomas Biege 2005-09-28 08:58:11 UTC 
======================================================
Candidate: CAN-2005-2710
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2710
Reference: FULLDISC:20050926 RealPlayer && HelixPlayer Remote Format String
Reference: URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=112775929608219&w=2
Reference: MISC:http://www.open-security.org/advisories/13
Reference: REDHAT:RHSA-2005:788
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-788.html
Reference: CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168078

Format string vulnerability in Real HelixPlayer and RealPlayer 10
allows user-complicit attackers to execute arbitrary code via the
image handle attribute in a RealPix (.rp) or RealText (.rt) file.
Comment 5 Thomas Biege 2009-10-13 21:37:22 UTC 
CVE-2005-2710: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)