[NT] Multiple File Format Vulnerabilities In REALOne/RealPlayer

From: SecuriTeam (support_at_securiteam.com)
Date: 02/05/04

  • Next message: SecuriTeam: "[NEWS] Cisco Crafted Layer 2 Frame Vulnerability" 
    To: list@securiteam.com
Date: 5 Feb 2004 19:03:35 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      Multiple File Format Vulnerabilities In REALOne/RealPlayer
    ------------------------------------------------------------------------

    SUMMARY

    RealOne / RealPlayer is "one of the most widely used products for internet
    media delivery".

    The products are vulnerable to file format buffer overruns which open the
    possibility for remote code execution with the user's permissions.

    DETAILS

    Vulnerable Systems:
     * RealOne Player, RealOne Player v2 (localized languages) and RealPlayer
    10 Beta

    Using a specially crafted media files such as .RP, .RT, .RAM, .RPM & .SMIL
    it is possible to exploit the vulnerabilities. It is possible to cause
    heap and stack overruns in the products. A malicious file can be found on
    a malicious website. Except in the case of an .RPM file the user will be
    required to open the attachment.

    Patch Availability:
    Realnetworks have supplied a patch for the mentioned issues. In their own
    <http://service.real.com/help/faq/security/040123_player/EN/> advisory,
    Realnetworks describe the necessary steps in order to mitigate the
    vulnerabilities.

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:mark@ngssoftware.com>
    NGSSoftware Insight Security Research.

    The original article can be found at:
    <http://www.ngssoftware.com/advisories/realone.txt>
    http://www.ngssoftware.com/advisories/realone.txt.

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

  • Next message: SecuriTeam: "[NEWS] Cisco Crafted Layer 2 Frame Vulnerability"

    Relevant Pages