{"vuid":"VU#759385","idnumber":"759385","name":"RealNetworks player \"Lyrics3\" buffer overflow","keywords":["RealPlayer","Helix Player","buffer overflow","Lyrics3 tags","MP3 files"],"overview":"Multiple RealNetworks media players contain a buffer overflow which could allow a remote attacker to execute arbitrary code on an affected system.","clean_desc":"The RealNetworks RealPlayer and Helix Player applications allow users to view local and remote audio and video content. These players include support for a number of different media formats, including the MP3 audio-encoding format. A heap-based buffer overflow exists in the way that these players handle the Lyrics3 v2.00 tags in MP3 files. A remote, unauthenticated attacker with the ability to supply a specially crafted MP3 file could exploit this vulnerability to execute arbitrary code on an affected system.","impact":"A remote, unauthenticated attacker could execute arbitrary code with the privileges of the user running a vulnerable application.","resolution":"Apply an update RealNetworks has published a Security Update to address this issue. Please see the Systems Affected section for fix availability from specific vendors.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported by \nJohn Heasman of NGSSoftware. NGSSoftware credits an anonymous researcher with reporting this vulnerability to them.","author":"This document was written by Joseph W. Pruszynski.","public":["http://secunia.com/advisories/27361/","http://service.real.com/realplayer/security/10252007_player/en/","http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-real-player-id3-tags/"],"cveids":["CVE-2007-5080"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-10-30T11:54:05Z","publicdate":"2007-10-29T00:00:00Z","datefirstpublished":"2007-11-16T20:06:21Z","dateupdated":"2007-11-16T20:06:44Z","revision":21,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"2","cam_population":"12","cam_impact":"15","cam_easeofexploitation":"15","cam_attackeraccessrequired":"20","cam_scorecurrent":"22.275","cam_scorecurrentwidelyknown":"22.275","cam_scorecurrentwidelyknownexploited":"42.525","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":22.275,"vulnote":null}