CVE-2007-5400

Published: Jul 28, 2008Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Heap-based buffer overflow in the Shockwave Flash (SWF) frame handling in RealNetworks RealPlayer 10.5 Build 6.0.12.1483 might allow remote attackers to execute arbitrary code via a crafted SWF file.

Affected (3)

Products: Real: Realplayer · Realnetworks: Realplayer

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Real Realplayer	Version 10.1
Realnetworks Realplayer	Version 10.0
Realnetworks Realplayer	Version 10.5

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (28)

http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/27620

Source: PSIRT-CNA@flexerasoftware.com

Vendor Advisory

http://secunia.com/advisories/31321

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/35416

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/secunia_research/2007-93/advisory/

Source: PSIRT-CNA@flexerasoftware.com

Vendor Advisory

http://securityreason.com/securityalert/4048

Source: PSIRT-CNA@flexerasoftware.com

http://service.real.com/realplayer/security/07252008_player/en/

Source: PSIRT-CNA@flexerasoftware.com

http://www.kb.cert.org/vuls/id/298651

Source: PSIRT-CNA@flexerasoftware.com

US Government Resource

http://www.redhat.com/support/errata/RHSA-2008-0812.html

Source: PSIRT-CNA@flexerasoftware.com

http://www.securityfocus.com/archive/1/494749/100/0/threaded

Source: PSIRT-CNA@flexerasoftware.com

http://www.securityfocus.com/bid/30370

Source: PSIRT-CNA@flexerasoftware.com

http://www.securitytracker.com/id?1020562

Source: PSIRT-CNA@flexerasoftware.com

http://www.vupen.com/english/advisories/2008/2194/references

Source: PSIRT-CNA@flexerasoftware.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/43996

Source: PSIRT-CNA@flexerasoftware.com

http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html