NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2005-2936

Summary	Unquoted Windows search path vulnerability in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, and RealPlayer 8 before 20060322 might allow local users to gain privileges via a malicious C:\program.exe file.
Publication Date	Nov. 18, 2005, 3:03 p.m.
Registration Date	Jan. 29, 2021, 5:59 p.m.
Last Update	May 19, 2011, 1 p.m.

CVSS2.0 : HIGH
Score	7.2
Vector	AV:L/AC:L/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	はい
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:realnetworks:realone_player:1.0:::::::*
cpe:2.3:a:realnetworks:realone_player:2.0:::::::*
cpe:2.3:a:realnetworks:realplayer:8.0:::::::*
cpe:2.3:a:realnetworks:realplayer:10.0:::::::*
cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:::::::*
cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1348:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://secunia.com/advisories/19358	SECUNIA	Vendor Advisory
2	http://securitytracker.com/id?1015223	SECTRACK
3	http://service.real.com/help/faq/security/security111605.html	CONFIRM
4	http://www.idefense.com/application/poi/display?id=340&type=vulnerabilities	IDEFENSE	Vendor Advisory
5	http://www.securityfocus.com/bid/15448	BID
6	http://www.service.real.com/realplayer/security/03162006_player/en/	CONFIRM
7	http://www.vupen.com/english/advisories/2006/1057	VUPEN	Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html