RealPlayer AVI Processing Overflow

Status
This thread has been Locked and is not open to further replies. The original thread starter may use the Report button to request it be reopened but anyone else with a similar issue should start a New Thread. Watch our Welcome Guide to learn how to use this site.

eddie5659

Thread Starter
Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,310
Hiya

RealNetworks, Inc. has addressed recently discovered security vulnerabilities that offered the potential for an attacker to run arbitrary or malicious code on a customer's machine. RealNetworks has received no reports of machines compromised as a result of the now-remedied vulnerabilities. RealNetworks takes all security vulnerabilities very seriously.

The specific exploits were:

Exploit 1: To fashion a malicious MP3 file to allow the overwriting of a local file or execution of an ActiveX control on a customer's machine.
Exploit 2: To fashion a malicious RealMedia file which uses RealText to cause a heap overflow to allow an attacker to execute arbitrary code on a customer's machine.
Exploit 3: To fashion a malicious AVI file to cause a buffer overflow to allow an attacker to execute arbitrary code on a customer's machine.
Exploit 4: Using default settings of earlier Internet Explorer browsers, a malicious website could cause a local HTML file to be created and then trigger an RM file to play which would then reference this local HTML file.


Affected Software:

RealPlayer 10.5 (6.0.12.1040-1069)
RealPlayer 10
RealOne Player v2
RealOne Player v1
RealPlayer 8
RealPlayer Enterprise
Rhapsody 3 (build 0.815 - 0.1006)
Mac RealPlayer 10 (10.0.0.305 - 331)
Mac RealOne Player
Linux RealPlayer 10 (10.0.0 - 4)
Helix Player (10.0.0 - 4)



http://service.real.com/help/faq/security/050623_player/EN/

Regards

eddie
 
Status
This thread has been Locked and is not open to further replies. The original thread starter may use the Report button to request it be reopened but anyone else with a similar issue should start a New Thread. Watch our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Top