RealPlayer Buffer Overflow [Sentinel Chicken Networks Security Advisory #01]

From: tmorgan-security@kavi.com
Date: 01/25/02

• Previous message: Ofir Arkin: "Identifying PGP Corporate Desktop 7.1 with PGPfire Personal Desktop Firewall Installed (no need to be enabled) on Microsoft Windows Based OSs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 24 Jan 2002 19:17:41 -0800
From: tmorgan-security@kavi.com
To: bugtraq@securityfocus.com

Hello bugtraq,

There are buffer overflows in RealPlayer's header reading code. To
my knowledge, no exploit has been developed for it, but it appears
possible.

Since the press already has a hold of it:
  http://www.newsbytes.com/news/02/173936.html

I might as well release this now. The official advisory can be
found at:
  http://www.sentinelchicken.com/advisories/realplayer/

Real has told me there should be a patch out sometime after noon
tomorrow (Pacific time).

thanks,
tim
(Not a security expert.)

---

• Previous message: Ofir Arkin: "Identifying PGP Corporate Desktop 7.1 with PGPfire Personal Desktop Firewall Installed (no need to be enabled) on Microsoft Windows Based OSs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2002-01