Reported
February 4, 2004 by NGSSoftware.
VERSIONS
AFFECTED
RealOne Player
RealOne Player v2
RealOne Enterprise
Desktop
RealPlayer Enterprise
(all language versions, all platforms)
DESCRIPTION
RealNetworks' RealOne Player
and RealPlayer contain multiple vulnerabilities, the most serious of which can
result in arbitrary code execution on the vulnerable system. This vulnerability
is a result of a flaw in the way the SurfNOW proxy server handles long HTTP
headers. By crafting malformed .RP, .RT, .RAM, .RPM, and .SMIL files, an
attacker can cause heap- and stack-based overruns in RealOne Player and
RealPlayer. By forcing a browser to a Web site that contains such a file, a
malicious user can execute code on the target machine running in the context of
the logged on user. Alternatively, an end user can open the attachment (except
in the case of the .RPM file).
VENDOR
RESPONSE
RealNetworks has issued a
notice about these vulnerabilities and recommends that affected users
immediately apply the available update.
CREDIT
Discovered by
Mark Litchfield.
Multiple Vulnerabilities in RealPlayer and RealOne player
4 comments
Hide comments