RealNetworks RealOne Player/RealPlayer SMIL File Remote Stack Based Buffer Overflow Vulnerability
BID:12698
Info
| Bugtraq ID: | 12698 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2005-0455 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 01 2005 12:00AM |
| Updated: | Jul 12 2009 10:56AM |
| Credit: | Discovery is credited to an anonymous researcher. |
| Vulnerable: | Redhat Fedora Core3; RealNetworks RealPlayer For Unix 10.0.3; RealNetworks RealPlayer Enterprise 1.6; RealNetworks RealPlayer Enterprise 1.5; RealNetworks RealPlayer Enterprise 1.2; RealNetworks RealPlayer Enterprise 1.1; RealNetworks RealPlayer Enterprise; RealNetworks RealPlayer 10 for Mac OS; RealNetworks RealPlayer 10 for Linux; RealNetworks RealPlayer 10.5 v6.0.12.1056; RealNetworks RealPlayer 10.5 v6.0.12.1053; RealNetworks RealPlayer 10.5 v6.0.12.1040; RealNetworks RealPlayer 10.0; RealNetworks RealPlayer 8.0 Win32; RealNetworks RealOne Player for OSX 9.0 .297; RealNetworks RealOne Player for OSX 9.0 .288; RealNetworks RealOne Player 6.0.11 .872; RealNetworks RealOne Player 6.0.11 .868; RealNetworks RealOne Player 6.0.11 .853; RealNetworks RealOne Player 6.0.11 .841; RealNetworks RealOne Player 6.0.11 .840; RealNetworks RealOne Player 6.0.11 .830; RealNetworks RealOne Player 6.0.11 .818; RealNetworks RealOne Player 1.0; RealNetworks Helix Player for Linux 1.0 |
| Not Vulnerable: | RealNetworks RealPlayer 10 for Mac OS 10.0 .0.331; RealNetworks RealPlayer 10.5 v6.0.12.1059 |
Discussion
RealNetworks RealPlayer and RealOne Player are reported prone to a remote stack-based buffer overflow vulnerability. The issue exists because the application does not perform boundary checks when parsing Synchronized Multimedia Integration Language (SMIL) files. A remote attacker may execute arbitrary code on a vulnerable computer to gain unauthorized access.
This vulnerability is reported to exist in RealNetworks products for Microsoft Windows, Linux, and Apple Mac platforms.
Exploit / POC
The following proof of concept was supplied:
The following line must be added in an appropriate section of a SMIL file:
<text src="1024_768.en.txt" region="size" system-screen-size="LONGSTRINGX768">
where "LONGSTRING" should be more than 256 bytes.
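A defensive check built from the description above, added here as an example and not part of the original advisory or any vendor tooling: it scans raw SMIL content for `system-screen-size` values longer than the 256-byte figure given above, or values that are not in the `heightXwidth` form. The name `scan_smil`, the well-formed pattern and the sample documents are assumptions made for illustration.

```python
import re

# Advisory threshold: the overflow is reported for values longer than 256 bytes.
MAX_VALUE_BYTES = 256
# Assumed well-formed shape (SMIL 1.0): <height>X<width>, e.g. "768X1024".
WELL_FORMED = re.compile(rb"\d{1,5}[Xx]\d{1,5}")
# Match on raw bytes so documents that are not valid XML are still inspected.
ATTR_START = re.compile(rb"system-screen-size\s*=\s*([\"'])", re.IGNORECASE)


def scan_smil(data: bytes) -> list:
    """Return (offset, value_length, reason) for each suspicious attribute."""
    findings = []
    for m in ATTR_START.finditer(data):
        end = data.find(m.group(1), m.end())
        if end == -1:
            # No closing quote: treat the rest of the document as the value.
            findings.append((m.start(), len(data) - m.end(), "unterminated"))
            continue
        value = data[m.end():end]
        if len(value) > MAX_VALUE_BYTES:
            findings.append((m.start(), len(value), "oversized"))
        elif not WELL_FORMED.fullmatch(value):
            findings.append((m.start(), len(value), "malformed"))
    return findings


# Constructed samples (not taken from any real file).
BENIGN = (b'<smil><body><text src="a.txt" region="size" '
          b'system-screen-size="768X1024"/></body></smil>')
OVERSIZED = (b'<smil><body><text src="a.txt" region="size" system-screen-size="'
             + b"9" * 300 + b'X768"/></body></smil>')
MALFORMED = b'<text src="a.txt" system-screen-size="wideX768"/>'
UNTERMINATED = b'<text src="a.txt" system-screen-size="768X1024/>'

if __name__ == "__main__":
    for name, doc in [("benign", BENIGN), ("oversized", OVERSIZED),
                      ("malformed", MALFORMED), ("unterminated", UNTERMINATED)]:
        print(name, scan_smil(doc))
```

The same function can be run over the bytes of each SMIL file at a mail or web gateway, or over a media share, to find files worth quarantining before they reach an unpatched player.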
The following proof of concept has been released by nolimit@ciso and Buzzdee:
Solution / Fix
Solution:
RedHat Fedora Linux has made an advisory (FEDORA-2005-188) available dealing with this issue in their Core 3 distribution. Please see the reference section for more information.
SuSE has released advisory SUSE-SA:2005:014 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.
The vendor has released updates dealing with this issue. Please see the referenced advisory for more information on obtaining the updated packages.
RealNetworks Helix Player for Linux 1.0
- Fedora HelixPlayer-1.0.3-3.fc3.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora HelixPlayer-debuginfo-1.0.3-3.fc3.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
RealNetworks RealPlayer For Unix 10.0.3
- SuSE RealPlayer-10.0.3-0.1.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/RealPlayer-10.0.3-0.1.i586.rpm
References
References: