Reported October 28, 2004, by eEye Digital Security
VERSIONS AFFECTED
|
DESCRIPTION
A vulnerability in RealPlayer could result in the remote execution of arbitrary
code on the vulnerable system. When an .rjs file containing a long filename (larger
than about 0x8000 bytes) is opened, either in RealPlayer or through a Web
browser, a stack-based buffer overflow occurs, allowing an exception-handler
record to be overwritten and the Execution Instruction Point (EIP) to be
hijacked.
VENDOR RESPONSE
The author, RealNetworks, has
released a patch (available via the Check for Update menu item under Tools on
the RealPlayer menu bar) to address this vulnerability.
CREDIT
Discovered by eEye Digital Security.
0 comments
Hide comments