RealNetworks RealPlayer File Parsing Routines Multiple Vulnerabilities
BID:26214
Info
| Bugtraq ID: | 26214 |
| Class: | Unknown |
| CVE: | CVE-2007-5080, CVE-2007-5081, CVE-2007-2263, CVE-2007-2264, CVE-2007-4599 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 25 2007 12:00AM |
| Updated: | Nov 16 2007 09:24PM |
| Credit: | Piotr Bania, John Heasman, and some anonymous researchers are credited with the discovery of these vulnerabilities. |
| Vulnerable: | RealNetworks RealPlayer Enterprise; RealNetworks RealPlayer 8; RealNetworks RealPlayer 10 for Mac OS 10.0.0.331; RealNetworks RealPlayer 10 for Mac OS 10.0.0.481; RealNetworks RealPlayer 10 for Mac OS 10.0.0.412; RealNetworks RealPlayer 10 for Mac OS 10.0.0.396; RealNetworks RealPlayer 10 for Mac OS 10.0.0.352; RealNetworks RealPlayer 10 for Mac OS 10.0.0.325; RealNetworks RealPlayer 10 for Mac OS 10.0.0.305; RealNetworks RealPlayer 10 for Linux 10.0.8; RealNetworks RealPlayer 10 for Linux 10.0.7; RealNetworks RealPlayer 10 for Linux 10.0.6; RealNetworks RealPlayer 10 for Linux 10.0.5; RealNetworks RealPlayer 10.5; RealNetworks RealPlayer 10.0; RealNetworks RealOne Player for Mac 0; RealNetworks RealOne Player 2.0; RealNetworks RealOne Player 1.0; RealNetworks Helix Player for Linux 10.0.7; RealNetworks Helix Player for Linux 10.0.6; RealNetworks Helix Player for Linux 10.0.5; RealNetworks Helix Player for Linux 10.0.0.8 |
| Not Vulnerable: | |
Discussion
RealNetworks RealPlayer is prone to multiple memory-corruption vulnerabilities that arise when the application processes specially crafted files.
Successfully exploiting these issues will allow remote attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will cause a denial-of-service condition.
Exploit / POC
Currently we are not aware of any working exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Solution:
RealNetworks has released an advisory and fixes to address these issues. Please see the references for more information.
References
References:
- RealNetworks RealPlayer/RealOne Player/Helix Player Remote Heap Corruption by Pi (Piotr Bania)
- RealNetworks RealPlayer/RealOne Player/Helix Player Remote Memory Corruption by (Piotr Bania)
- RealPlayer Homepage (Real Networks)
- Heap overflow in RealPlayer ID3 tag parser (NGSSoftware Insight Security Research)
- RealNetworks RealPlayer/RealOne Player/Helix Player Remote Heap Corruption ("Piotr Bania")
- RealNetworks RealPlayer/RealOne Player/Helix Player Remote Memory Corruption ("Piotr Bania")
- RealNetworks RealPlayer PLS File Memory Corruption Vulnerability (Zero Day Initiative)
- RealNetworks, Inc. Releases Update to Address Security Vulnerabilities. (RealNetworks)
- RealPlayer RA Field Size File Processing Heap Overflow Vulnerability (Zero Day Initiative)
- Vulnerability Note VU#759385 RealNetworks player 'Lyrics3' buffer overflow (US-CERT)