RealNetworks RealArcade Multiple Remote Vulnerabilities
BID:12494
Info
RealNetworks RealArcade Multiple Remote Vulnerabilities
| Bugtraq ID: | 12494 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 08 2005 12:00AM |
| Updated: | Feb 08 2005 12:00AM |
| Credit: | Luigi Auriemma <[email protected]> is credited with the discovery of these issues. |
| Vulnerable: |
RealNetworks RealArcade 1.2 .0.994 |
| Not Vulnerable: | |
Discussion
RealNetworks RealArcade Multiple Remote Vulnerabilities
Multiple remote vulnerabilities reportedly affect RealNetworks RealArcade. The first issue allows for arbitrary file deletion due to an input validation issue. The second issue is an integer overflow issue resulting in code execution.
Both of these issues require an unsuspecting user to download and activate a malicious file for exploitation.
Successful exploitation of these issues will facilitate code execution and file deletion with the privileges of an unsuspecting user that activates a malicious RealArcade file.
Multiple remote vulnerabilities reportedly affect RealNetworks RealArcade. The first issue allows for arbitrary file deletion due to an input validation issue. The second issue is an integer overflow issue resulting in code execution.
Both of these issues require an unsuspecting user to download and activate a malicious file for exploitation.
Successful exploitation of these issues will facilitate code execution and file deletion with the privileges of an unsuspecting user that activates a malicious RealArcade file.
Exploit / POC
RealNetworks RealArcade Multiple Remote Vulnerabilities
The following exploits have been made available to exploit the buffer overflow and the arbitrary file deletion issues respectively:
The following exploits have been made available to exploit the buffer overflow and the arbitrary file deletion issues respectively:
Solution / Fix
RealNetworks RealArcade Multiple Remote Vulnerabilities
Solution:
Some reports indicate that these issues have been addressed in RealArcade 1.2.0.996 and subsequent versions. This information could not be confirmed by Symantec.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Some reports indicate that these issues have been addressed in RealArcade 1.2.0.996 and subsequent versions. This information could not be confirmed by Symantec.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
RealNetworks RealArcade Multiple Remote Vulnerabilities
References:
References:
- RealArcade Home Page (Real Networks)
- Integer overflow and arbitrary files deletion in RealArcade 1.2.0.994 (Luigi Auriemma