RealNetworks Multiple Products Multiple Buffer Overflow Vulnerabilities
BID:17202
Info
RealNetworks Multiple Products Multiple Buffer Overflow Vulnerabilities
| Bugtraq ID: | 17202 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-0323 CVE-2005-2922 CVE-2006-1370 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 23 2006 12:00AM |
| Updated: | Jul 05 2016 09:38PM |
| Credit: | John Heasman of NGS Software, Greg MacManus with iDEFENSE Labs, and Sowhat are credited with the discovery of these issues. |
| Vulnerable: |
Turbolinux Turbolinux FUJI S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 9.2 x86_64 S.u.S.E. Linux Professional 9.2 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 Real Networks Rhapsody 3.0 build 1.0.269 Real Networks Rhapsody 3.0 build 0.815 Real Networks RealPlayer Enterprise Real Networks RealPlayer 10 for Mac OS 10.0 .0.331 Real Networks RealPlayer 10 for Mac OS 10.0.0.305 Real Networks RealPlayer 10 for Mac OS Real Networks RealPlayer 10 for Linux 10.0.6 Real Networks RealPlayer 10 for Linux 10.0.5 Real Networks RealPlayer 10 for Linux 10.0.4 Real Networks RealPlayer 10 for Linux 10.0.3 Real Networks RealPlayer 10 for Linux 10.0.2 Real Networks RealPlayer 10 for Linux 10.0.1 Real Networks RealPlayer 10 for Linux Real Networks RealPlayer 10.5 v6.0.12.1348 Real Networks RealPlayer 10.5 v6.0.12.1235 Real Networks RealPlayer 10.5 v6.0.12.1069 Real Networks RealPlayer 10.5 v6.0.12.1059 Real Networks RealPlayer 10.5 v6.0.12.1056 Real Networks RealPlayer 10.5 v6.0.12.1053 Real Networks RealPlayer 10.5 v6.0.12.1040 Real Networks RealPlayer 10.0 Real Networks RealPlayer 8.0 Win32 Real Networks RealOne Player for OSX 9.0 .297 Real Networks RealOne Player for OSX 9.0 .288 Real Networks RealOne Player for Mac 0 Real Networks RealOne Player 2.0 Real Networks RealOne Player 1.0 Real Networks Helix Player for Linux 10.0.6 Real Networks Helix Player for Linux 10.0.5 Real Networks Helix Player for Linux 10.0.4 Real Networks Helix Player for Linux 10.0.3 Real Networks Helix Player for Linux 10.0.2 Real Networks Helix Player for Linux 10.0.1 Real Networks Helix Player for Linux 10.0 Gentoo Linux |
| Not Vulnerable: |
Real Networks Rhapsody 3.0 build 1.0.270 Real Networks Rhapsody 2.0 Real Networks RealPlayer 10 for Mac OS 10.0.0.325 Real Networks RealPlayer 10 for Linux 10.0.7 Real Networks RealPlayer 10.5 v6.0.12.1483 Real Networks Helix Player for Linux 10.0.7 |
Discussion
RealNetworks Multiple Products Multiple Buffer Overflow Vulnerabilities
Various RealNetworks products are prone to multiple buffer-overflow vulnerabilities.
These issues can result in memory corruption and facilitate arbitrary code execution. A successful attack can allow remote attackers to execute arbitrary code in the context of the application to gain unauthorized access.
Various RealNetworks products are prone to multiple buffer-overflow vulnerabilities.
These issues can result in memory corruption and facilitate arbitrary code execution. A successful attack can allow remote attackers to execute arbitrary code in the context of the application to gain unauthorized access.
Exploit / POC
RealNetworks Multiple Products Multiple Buffer Overflow Vulnerabilities
A proof-of-concept denial-of-service exploit by Federico L. Bossi Bonin is available.
A proof-of-concept denial-of-service exploit by Federico L. Bossi Bonin is available.
Solution / Fix
RealNetworks Multiple Products Multiple Buffer Overflow Vulnerabilities
Solution:
The vendor has released fixes to address these issues.
Please see the references for more information and fixes.
Solution:
The vendor has released fixes to address these issues.
Please see the references for more information and fixes.
References
RealNetworks Multiple Products Multiple Buffer Overflow Vulnerabilities
References:
References:
- Home Page (Real Networks)
- RealNetworks Releases Product Updates. (Real Networks)
- iDefense Security Advisory 03.23.06: RealNetworks RealPlayer and Helix Player In (labs-no-reply
- Realplayer .SWF Multiple Remote Memory Corruption Vulnerabilities (Sowhat