RealNetworks Inc. addressed security vulnerabilities in its RealPlayer product used in playing audio/video files. Some of the vulnerable product versions are as follows:
Windows
Linux
Note: For the complete list and for security patches, visit
http://service.real.com/help/faq/security/051110_player/EN/
More details about the said vulnerabilities can be found by clicking on the links below:
RealPlayer Data Packet Stack Overflow
http://www.eeye.com/html/research/advisories/AD20051110a.html
“The vulnerability allows a remote attacker to reliably overwrite stack memory with arbitrary data and execute arbitrary code in the context of the user who executed the player.
This specific flaw exists in the first data packet contained in a Real Media file. By specially crafting a malformed .rm movie file, a direct stack overwrite is triggered, and reliable code execution is then possible.”
Real Player Zipped Skin File Buffer Overflow II
http://www.eeye.com/html/research/advisories/AD20051110b.html
“allows a remote attacker to reliably overwrite the heap with arbitrary data and execute arbitrary code in the context of the user under which the player is running.”
Users of the vulnerable products are advised to apply the said security patches. We can never tell these days when a malicious attacker exploits these vulnerabilities.
Windows
- RealPlayer 10.5 (6.0.12.1040-1235)
- RealPlayer 10
- RealOne Player v2
- RealOne Player v1
- RealPlayer 8
- RealPlayer Enterprise
Linux
- Linux RealPlayer 10 (10.0.0 – 5)
- Helix Player (10.0.0 – 5)
Note: For the complete list and for security patches, visit
http://service.real.com/help/faq/security/051110_player/EN/
More details about the said vulnerabilities can be found by clicking on the links below:
RealPlayer Data Packet Stack Overflow
http://www.eeye.com/html/research/advisories/AD20051110a.html
“The vulnerability allows a remote attacker to reliably overwrite stack memory with arbitrary data and execute arbitrary code in the context of the user who executed the player.
This specific flaw exists in the first data packet contained in a Real Media file. By specially crafting a malformed .rm movie file, a direct stack overwrite is triggered, and reliable code execution is then possible.”
Real Player Zipped Skin File Buffer Overflow II
http://www.eeye.com/html/research/advisories/AD20051110b.html
“allows a remote attacker to reliably overwrite the heap with arbitrary data and execute arbitrary code in the context of the user under which the player is running.”
Users of the vulnerable products are advised to apply the said security patches. We can never tell these days when a malicious attacker exploits these vulnerabilities.