Real Networks RealPlayer 6/7 Location Buffer Overflow Vulnerability
BID:1088
Info
Real Networks RealPlayer 6/7 Location Buffer Overflow Vulnerability
| Bugtraq ID: | 1088 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2000-0280 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Apr 03 2000 12:00AM |
| Updated: | Jul 11 2009 01:56AM |
| Credit: | Posted to Bugtraq on April 3, 2000 by Adam Muntner <[email protected]>. |
| Vulnerable: |
RealNetworks RealPlayer for Windows 7.0 RealNetworks RealPlayer 6.0 Win32 |
| Not Vulnerable: | |
Discussion
Real Networks RealPlayer 6/7 Location Buffer Overflow Vulnerability
Unchecked buffer code exists in the 'location' field of Real Networks RealPlayer versions 6.0 and 7.0. Requesting a URL containing a string consisting of 300 or more characters would cause the application to crash and would require a restart in order to regain normal functionality. Arbitrary code can potentially be executed through this vulnerability.
This vulnerability may be exploited remotely if such a URL were embedded in a HTML file with the command 'autostart' set as 'true'. Both RealPlayer and the accompanying browser would crash in this case and require to be restarted to regain functionality.
So far only the Windows versions of the Real Player have been proven to be vulnerable in this manner.
Unchecked buffer code exists in the 'location' field of Real Networks RealPlayer versions 6.0 and 7.0. Requesting a URL containing a string consisting of 300 or more characters would cause the application to crash and would require a restart in order to regain normal functionality. Arbitrary code can potentially be executed through this vulnerability.
This vulnerability may be exploited remotely if such a URL were embedded in a HTML file with the command 'autostart' set as 'true'. Both RealPlayer and the accompanying browser would crash in this case and require to be restarted to regain functionality.
So far only the Windows versions of the Real Player have been proven to be vulnerable in this manner.
Exploit / POC
Real Networks RealPlayer 6/7 Location Buffer Overflow Vulnerability
http://<string containing over 300 characters>
http://<string containing over 300 characters>
Solution / Fix
Real Networks RealPlayer 6/7 Location Buffer Overflow Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
Real Networks RealPlayer 6/7 Location Buffer Overflow Vulnerability
References:
References:
- RealPlayer Homepage (Real Networks)