Skip navigation
Menu
Security

Multiple Vulnerabilities in RealPlayer and RealOne player

Reported February 4, 2004 by NGSSoftware.

 

 

VERSIONS AFFECTED

 

  • RealOne Player

  • RealOne Player v2

  • RealOne Enterprise Desktop

  • RealPlayer Enterprise (all language versions, all platforms)

 

DESCRIPTION

 

RealNetworks' RealOne Player and RealPlayer contain multiple vulnerabilities, the most serious of which can result in arbitrary code execution on the vulnerable system. This vulnerability is a result of a flaw in the way the SurfNOW proxy server handles long HTTP headers. By crafting malformed .RP, .RT, .RAM, .RPM, and .SMIL files, an attacker can cause heap- and stack-based overruns in RealOne Player and RealPlayer. By forcing a browser to a Web site that contains such a file, a malicious user can execute code on the target machine running in the context of the logged on user. Alternatively, an end user can open the attachment (except in the case of the .RPM file).

 

VENDOR RESPONSE

 

RealNetworks has issued a notice about these vulnerabilities and recommends that affected users immediately apply the available update.

 

CREDIT

 

Discovered by Mark Litchfield.

Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
DevSecOps concept
90% of Java Services in Production Have Vulnerability Risk, DevSecOps Report Finds
Apr 20, 2024
Businesswoman challenges concept and gender obstacles
Women in Cybersecurity Face Barriers to Hiring, Advancement
Apr 15, 2024
person typing on keyboard with icons for certificates
Top IT Certifications for a Career in Finance
Apr 12, 2024
employee working on a laptop with AI
Why AI Coding Assistants May Be Greatest Cybersecurity Threat Facing Your Business
Mar 26, 2024