CVE-2002-1321 - Vulnerability Details - OpenCVE

Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via (1) a Synchronized Multimedia Integration Language (SMIL) file with a long parameter, (2) a long long filename in a rtsp:// request, e.g. from a .m3u file, or (3) certain "Now Playing" options on a downloaded file with a long filename.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Realnetworks	Realone Player Realplayer

Configuration 1 [-]

OR	cpe:2.3:a:realnetworks:realone_player:2.0:::::::*
	cpe:2.3:a:realnetworks:realplayer::g2::::::*
	cpe:2.3:a:realnetworks:realplayer:6.0::win32:::::
	cpe:2.3:a:realnetworks:realplayer:7.0::win32:::::
	cpe:2.3:a:realnetworks:realplayer:8.0::win32:::::

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=103808645120764&w=2
http://service.real.com/help/faq/security/bufferoverrun_player.html
http://www.securityfocus.com/bid/6227
http://www.securityfocus.com/bid/6229
https://exchange.xforce.ibmcloud.com/vulnerabilities/10677

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2002-11-27T05:00:00

Updated: 2024-08-08T03:19:28.536Z

Reserved: 2002-11-26T00:00:00

Link: CVE-2002-1321

Vulnrichment

No data.

NVD

Status : Modified

Published: 2002-12-11T05:00:00.000

Modified: 2024-11-20T23:41:02.803

Link: CVE-2002-1321

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-11-22T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via (1) a Synchronized Multimedia Integration Language (SMIL) file with a long parameter, (2) a long long filename in a rtsp:// request, e.g. from a .m3u file, or (3) certain \"Now Playing\" options on a downloaded file with a long filename."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://service.real.com/help/faq/security/bufferoverrun_player.html"}, {"name": "6229", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/6229"}, {"name": "20021122 Mulitple Buffer Overflow conditions in RealPlayer/RealOne (#NISR22112002)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=103808645120764&w=2"}, {"name": "6227", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/6227"}, {"name": "realplayer-rtsp-filename-bo(10677)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10677"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1321", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via (1) a Synchronized Multimedia Integration Language (SMIL) file with a long parameter, (2) a long long filename in a rtsp:// request, e.g. from a .m3u file, or (3) certain \"Now Playing\" options on a downloaded file with a long filename."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://service.real.com/help/faq/security/bufferoverrun_player.html", "refsource": "CONFIRM", "url": "http://service.real.com/help/faq/security/bufferoverrun_player.html"}, {"name": "6229", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6229"}, {"name": "20021122 Mulitple Buffer Overflow conditions in RealPlayer/RealOne (#NISR22112002)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=103808645120764&w=2"}, {"name": "6227", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6227"}, {"name": "realplayer-rtsp-filename-bo(10677)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10677"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T03:19:28.536Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://service.real.com/help/faq/security/bufferoverrun_player.html"}, {"name": "6229", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/6229"}, {"name": "20021122 Mulitple Buffer Overflow conditions in RealPlayer/RealOne (#NISR22112002)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=103808645120764&w=2"}, {"name": "6227", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/6227"}, {"name": "realplayer-rtsp-filename-bo(10677)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10677"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1321", "datePublished": "2002-11-27T05:00:00", "dateReserved": "2002-11-26T00:00:00", "dateUpdated": "2024-08-08T03:19:28.536Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CF6535A6-6647-4E60-B5AA-24DFC06360AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:*:g2:*:*:*:*:*:*", "matchCriteriaId": "F443B415-782D-4059-931E-222968D5CC8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:6.0:*:win32:*:*:*:*:*", "matchCriteriaId": "65124AAD-0F80-4FBB-8A29-420C445E889C", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:7.0:*:win32:*:*:*:*:*", "matchCriteriaId": "2F5492A8-E1B6-4ADF-B057-125ECD8B7FE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:8.0:*:win32:*:*:*:*:*", "matchCriteriaId": "003D7E29-9970-4984-9756-C070E15B7979", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via (1) a Synchronized Multimedia Integration Language (SMIL) file with a long parameter, (2) a long long filename in a rtsp:// request, e.g. from a .m3u file, or (3) certain \"Now Playing\" options on a downloaded file with a long filename."}, {"lang": "es", "value": "M\u00fcltiples desbordamientos de b\u00fafer en RealOne y RealPlayer permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante \r\n\r\nun fichero de Lenguaje de Integraci\u00f3n Multimedia Sincronizada (SMIL) con un par\u00e1metro largo.\r\nun nombre de fichero largo en una petici\u00f3n rtsp://, por ejemplo un fichero. m3u, o\r\nCiertas opciones \"Now Playing\" (Reproduciendo Ahora) en un fichero descargado con un nombre de fichero largo."}], "id": "CVE-2002-1321", "lastModified": "2024-11-20T23:41:02.803", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-12-11T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=103808645120764&w=2"}, {"source": "cve@mitre.org", "url": "http://service.real.com/help/faq/security/bufferoverrun_player.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/6227"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/6229"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10677"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=103808645120764&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://service.real.com/help/faq/security/bufferoverrun_player.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/6227"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/6229"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10677"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}