CVE-2006-0323

Name: CVE-2006-0323
Creator: NVD / NIST
Published: 2006-03-23T23:06:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 16.74%

Last modified Jun 16, 2026

CVE-2006-0323 is a vulnerability of currently unknown severity. Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.. EPSS estimates a 16.74% chance of exploitation in the next 30 days.

Description

Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.

Metrics

EPSS Probability

16.74%

96.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions	Update
Realnetworks	Helix Player	All versions	—
Realnetworks	Realone Player	All versions	—
Realnetworks	Realplayer	10.0	Gold
Realnetworks	Realplayer	10.0.6	—
Realnetworks	Realplayer	10.5	—
Realnetworks	Rhapsody	3	—

References

http://secunia.com/advisories/19358Vendor Advisory
http://secunia.com/advisories/19362Patch, Vendor Advisory
http://secunia.com/advisories/19365Patch, Vendor Advisory
http://secunia.com/advisories/19390Vendor Advisory
http://securityreason.com/securityalert/690
http://securitytracker.com/id?1015806
http://www.gentoo.org/security/en/glsa/glsa-200603-24.xmlPatch, Vendor Advisory
http://www.kb.cert.org/vuls/id/231028Patch, Third Party Advisory, US Government Resource
http://www.novell.com/linux/security/advisories/2006_18_realplayer.htmlPatch, Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0257.htmlPatch, Vendor Advisory
http://www.securityfocus.com/archive/1/430621/100/0/threaded
http://www.securityfocus.com/bid/17202Exploit
http://www.service.real.com/realplayer/security/03162006_player/en/Patch
http://www.vupen.com/english/advisories/2006/1057
https://exchange.xforce.ibmcloud.com/vulnerabilities/25408
http://secunia.com/advisories/19358Vendor Advisory
http://secunia.com/advisories/19362Patch, Vendor Advisory
http://secunia.com/advisories/19365Patch, Vendor Advisory
http://secunia.com/advisories/19390Vendor Advisory
http://securityreason.com/securityalert/690
http://securitytracker.com/id?1015806
http://www.gentoo.org/security/en/glsa/glsa-200603-24.xmlPatch, Vendor Advisory
http://www.kb.cert.org/vuls/id/231028Patch, Third Party Advisory, US Government Resource
http://www.novell.com/linux/security/advisories/2006_18_realplayer.htmlPatch, Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0257.htmlPatch, Vendor Advisory
http://www.securityfocus.com/archive/1/430621/100/0/threaded
http://www.securityfocus.com/bid/17202Exploit
http://www.service.real.com/realplayer/security/03162006_player/en/Patch
http://www.vupen.com/english/advisories/2006/1057
https://exchange.xforce.ibmcloud.com/vulnerabilities/25408

Timeline

Published: Mar 23, 2006
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-0323?

How severe is CVE-2006-0323?

Severity scoring for CVE-2006-0323 is pending analysis. The EPSS model estimates a 16.74% probability of exploitation in the next 30 days.

How do I fix CVE-2006-0323?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-0323?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST