[NEWS] REAL One Player R3T File Format Stack Overflow
From: SecuriTeam (support_at_securiteam.com)
Date: 04/08/04
To: list@securiteam.com Date: 8 Apr 2004 11:53:44 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
REAL One Player R3T File Format Stack Overflow
------------------------------------------------------------------------
SUMMARY
RealOne / RealPlayer is one of the most widely used products for Internet
media delivery. There are currently in excess of 200 million users
worldwide of these products.
By crafting a malformed .R3T file it is possible to cause a stack-based
overrun in RealPlayer / RealOne Player. By forcing a browser to a
website containing such a file, code could be executed on the target
machine, running in the context of the logged-on user; alternatively, the
end user would be required to open the .R3T file as a mail attachment.
DETAILS
Vulnerable Systems:
* RealPlayer 8
* RealOne Player
* RealOne Player v2 for Windows only (all languages)
* RealPlayer 10 Beta (English only)
* RealPlayer Enterprise (all versions, standalone and as configured by the
RealPlayer Enterprise Manager)
Fix Information:
For the various fix options available for different types of REAL
products, NGS suggests visiting
http://service.real.com/help/faq/security/040406_r3t/en/ for detailed
information.
ADDITIONAL INFORMATION
The information has been provided by Mark Litchfield
(mark@ngssoftware.com).
The original article can be found at:
http://www.ngssoftware.com/advisories/realr3t.txt
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.