CVE-2002-0207 - OpenCVE

Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbitrary code via a header length value that exceeds the actual length of the header.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Realnetworks	Realplayer Intranet Realone Player

Configuration 1 [-]

OR	cpe:2.3:a:realnetworks:realone_player::::::::
	cpe:2.3:a:realnetworks:realplayer_intranet::::::::
	cpe:2.3:a:realnetworks:realplayer_intranet:7.0:::::::*

References

Link	Resource
http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0044.html	Vendor Advisory
http://online.securityfocus.com/archive/1/252414	Not Applicable Third Party Advisory VDB Entry
http://online.securityfocus.com/archive/1/252425	Not Applicable Third Party Advisory VDB Entry
http://sentinelchicken.com/advisories/realplayer/	Vendor Advisory
http://www.iss.net/security_center/static/7839.php	Broken Link
http://www.securityfocus.com/bid/3809	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2002-06-25T04:00:00

Updated: 2002-05-09T09:00:00

Reserved: 2002-05-01T00:00:00

Link: CVE-2002-0207

JSON object: View

NVD Information

Status : Analyzed

Published: 2002-05-16T04:00:00.000

Modified: 2017-07-11T15:15:46.497

Link: CVE-2002-0207

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-01-05T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbitrary code via a header length value that exceeds the actual length of the header."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2002-05-09T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "3809", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/3809"}, {"name": "20020105 RealPlayer Buffer Problem", "tags": ["mailing-list", "x_refsource_VULN-DEV"], "url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0044.html"}, {"name": "20020124 Potential RealPlayer 8 Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://online.securityfocus.com/archive/1/252414"}, {"name": "20020124 RealPlayer Buffer Overflow [Sentinel Chicken Networks Security Advisory #01]", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://online.securityfocus.com/archive/1/252425"}, {"tags": ["x_refsource_MISC"], "url": "http://sentinelchicken.com/advisories/realplayer/"}, {"name": "realplayer-file-header-bo(7839)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/7839.php"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0207", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbitrary code via a header length value that exceeds the actual length of the header."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "3809", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3809"}, {"name": "20020105 RealPlayer Buffer Problem", "refsource": "VULN-DEV", "url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0044.html"}, {"name": "20020124 Potential RealPlayer 8 Vulnerability", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/252414"}, {"name": "20020124 RealPlayer Buffer Overflow [Sentinel Chicken Networks Security Advisory #01]", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/252425"}, {"name": "http://sentinelchicken.com/advisories/realplayer/", "refsource": "MISC", "url": "http://sentinelchicken.com/advisories/realplayer/"}, {"name": "realplayer-file-header-bo(7839)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/7839.php"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0207", "datePublished": "2002-06-25T04:00:00", "dateReserved": "2002-05-01T00:00:00", "dateUpdated": "2002-05-09T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:realnetworks:realone_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "7BB23A59-3C3E-42AF-8516-A6BF09D23ABF", "versionEndIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_intranet:*:*:*:*:*:*:*:*", "matchCriteriaId": "BAC6EBA2-7964-432D-883E-F894F6A44E84", "versionEndIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_intranet:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "777C703D-70A6-4091-8C21-85587657BBA2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbitrary code via a header length value that exceeds the actual length of the header."}, {"lang": "es", "value": "Desbordamiento del b\u00fafer en la aplicaci\u00f3n Real Networks RealPlayer 8.0 y versiones anteriores, permite a atacantes remotos ejecutar c\u00f3digo arbitrario usando un valor de longitud de cabecera que excede la longitud actual de cabecera."}], "id": "CVE-2002-0207", "lastModified": "2017-07-11T15:15:46.497", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-05-16T04:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0044.html"}, {"source": "cve@mitre.org", "tags": ["Not Applicable", "Third Party Advisory", "VDB Entry"], "url": "http://online.securityfocus.com/archive/1/252414"}, {"source": "cve@mitre.org", "tags": ["Not Applicable", "Third Party Advisory", "VDB Entry"], "url": "http://online.securityfocus.com/archive/1/252425"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://sentinelchicken.com/advisories/realplayer/"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.iss.net/security_center/static/7839.php"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/3809"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}