RealNetwork RealPlayer MID File Handling Remote Denial of Service Vulnerability
BID:22050
Info
RealNetwork RealPlayer MID File Handling Remote Denial of Service Vulnerability
| Bugtraq ID: | 22050 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 15 2007 12:00AM |
| Updated: | Jan 16 2007 05:30PM |
| Credit: | [email protected] is credited with the discovery of this vulnerability. |
| Vulnerable: |
RealNetworks RealPlayer 10.5 |
| Not Vulnerable: | |
Discussion
RealNetwork RealPlayer MID File Handling Remote Denial of Service Vulnerability
RealNetwork RealPlayer is prone to a remote denial-of-service vulnerability because the application fails to handle specially crafted files.
Exploiting this issue allows remote attackers to crash the application, denying further service to legitimate users. Arbitrary code execution might be possible, but this is not confirmed.
Version 10.5 is vulnerable to this issue; other versions may also be affected.
RealNetwork RealPlayer is prone to a remote denial-of-service vulnerability because the application fails to handle specially crafted files.
Exploiting this issue allows remote attackers to crash the application, denying further service to legitimate users. Arbitrary code execution might be possible, but this is not confirmed.
Version 10.5 is vulnerable to this issue; other versions may also be affected.
Exploit / POC
RealNetwork RealPlayer MID File Handling Remote Denial of Service Vulnerability
An attacker can exploit this issue by enticing an unsuspecting victim to open a '.mid' file using RealPlayer.
The following proof of concept is available:
An attacker can exploit this issue by enticing an unsuspecting victim to open a '.mid' file using RealPlayer.
The following proof of concept is available:
Solution / Fix
RealNetwork RealPlayer MID File Handling Remote Denial of Service Vulnerability
Solution:
Currently we are not aware of any solutions for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution:
Currently we are not aware of any solutions for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
References
RealNetwork RealPlayer MID File Handling Remote Denial of Service Vulnerability
References:
References:
- RealPlayer Homepage (Real Networks)