RealNetworks RealPlayer Vidplin.dll Heap Overflow Vulnerability
BID:13530
Info
RealNetworks RealPlayer Vidplin.dll Heap Overflow Vulnerability
| Bugtraq ID: | 13530 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 06 2005 12:00AM |
| Updated: | May 06 2005 12:00AM |
| Credit: | Discovery of this issue is credited to eEye. |
| Vulnerable: |
RealNetworks Rhapsody 3.0 build 0.815 RealNetworks Rhapsody 3.0 build 0.1006 RealNetworks RealPlayer Enterprise RealNetworks RealPlayer 10.5 v6.0.12.1069 RealNetworks RealPlayer 10.5 v6.0.12.1059 RealNetworks RealPlayer 10.5 v6.0.12.1056 RealNetworks RealPlayer 10.5 v6.0.12.1053 RealNetworks RealPlayer 10.5 v6.0.12.1040 RealNetworks RealPlayer 10.0 RealNetworks RealPlayer 8.0 Win32 RealNetworks RealOne Player 2.0 RealNetworks RealOne Player 1.0 |
| Not Vulnerable: | |
Discussion
RealNetworks RealPlayer Vidplin.dll Heap Overflow Vulnerability
A heap overflow vulnerability exists in RealPlayer on Windows platforms. The issue exists because a buffer of fixed size can be overwritten when a malformed media file is processed.
The potential impact of this issue is that an attacker may execute code in the context of the user running the affected software.
This issue also affects various RealOne Player and Rhapsody releases.
A heap overflow vulnerability exists in RealPlayer on Windows platforms. The issue exists because a buffer of fixed size can be overwritten when a malformed media file is processed.
The potential impact of this issue is that an attacker may execute code in the context of the user running the affected software.
This issue also affects various RealOne Player and Rhapsody releases.
Exploit / POC
RealNetworks RealPlayer Vidplin.dll Heap Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
RealNetworks RealPlayer Vidplin.dll Heap Overflow Vulnerability
Solution:
The vendor has released an advisory and fixes to address this issue. Please see the referenced advisory for further information.
Solution:
The vendor has released an advisory and fixes to address this issue. Please see the referenced advisory for further information.
References
RealNetworks RealPlayer Vidplin.dll Heap Overflow Vulnerability
References:
References:
- RealNetworks, Inc. Releases Update to Address Security Vulnerabilities (RealNetworks)
- RealPlayer Homepage (Real Networks)
- Upcoming Advisories: EEYEB-20050504 (eEye Digital Security)
- eEye Advisory - EEYEB-200505 - RealPlayer AVI Processing Overflow (
)