RealNetworks RealPlayer SWF File Processing Remote Code Execution Vulnerability
BID:26284
Info
RealNetworks RealPlayer SWF File Processing Remote Code Execution Vulnerability
| Bugtraq ID: | 26284 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-2263 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 25 2007 12:00AM |
| Updated: | Nov 01 2007 06:26PM |
| Credit: | An anonymous researcher reported this issue. |
| Vulnerable: |
RealNetworks RealPlayer 10 for Mac OS 10.0 .0.331 RealNetworks RealPlayer 10 for Mac OS 10.0 .0.331 RealNetworks RealPlayer 10 for Mac OS 10.0.0.503 RealNetworks RealPlayer 10 for Mac OS 10.0.0.481 RealNetworks RealPlayer 10 for Mac OS 10.0.0.412 RealNetworks RealPlayer 10 for Mac OS 10.0.0.396 RealNetworks RealPlayer 10 for Mac OS 10.0.0.352 RealNetworks RealPlayer 10 for Mac OS 10.0.0.325 RealNetworks RealPlayer 10 for Mac OS 10.0.0.305 RealNetworks RealPlayer 10 for Linux 10.0.7 RealNetworks RealPlayer 10 for Linux 10.0.6 RealNetworks RealPlayer 10 for Linux 10.0.5 RealNetworks RealPlayer 10 for Linux 10.0.4 RealNetworks RealPlayer 10 for Linux 10.0.3 RealNetworks RealPlayer 10 for Linux 10.0.2 RealNetworks RealPlayer 10 for Linux 10.0.1 RealNetworks RealPlayer 10.5 RealNetworks RealPlayer 10.0 BETA RealNetworks RealPlayer 10.0 v6.0.12.690 RealNetworks RealPlayer 10.0 RealNetworks RealPlayer 10.5-GOLD RealNetworks Helix Player for Linux 10.0.7 RealNetworks Helix Player for Linux 10.0.6 RealNetworks Helix Player for Linux 10.0.5 RealNetworks Helix Player for Linux 10.0.4 RealNetworks Helix Player for Linux 10.0.3 RealNetworks Helix Player for Linux 10.0.2 RealNetworks Helix Player for Linux 10.0.1 RealNetworks Helix Player for Linux 10.0.0.8 |
| Not Vulnerable: | |
Discussion
RealNetworks RealPlayer SWF File Processing Remote Code Execution Vulnerability
RealNetworks RealPlayer is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue to execute arbitrary code within the context of the application that invoked the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.
This issue was previously disclosed in BID 26214 (RealNetworks RealPlayer File Parsing Routines Multiple Vulnerabilities).
RealNetworks RealPlayer is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue to execute arbitrary code within the context of the application that invoked the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.
This issue was previously disclosed in BID 26214 (RealNetworks RealPlayer File Parsing Routines Multiple Vulnerabilities).
Exploit / POC
RealNetworks RealPlayer SWF File Processing Remote Code Execution Vulnerability
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
RealNetworks RealPlayer SWF File Processing Remote Code Execution Vulnerability
Solution:
The vendor released an update to address this issue. Please see the references for more information.
Solution:
The vendor released an update to address this issue. Please see the references for more information.
References
RealNetworks RealPlayer SWF File Processing Remote Code Execution Vulnerability
References:
References:
- Microsoft Knowledge Base Article 240797 (Microsoft)
- RealPlayer Homepage (Real Networks )
- RealNetworks RealPlayer SWF Processing Remote Code Execution Vulnerability (Zero Day Initiative)
- RealNetworks, Inc. Releases Update to Address Security Vulnerabilities. (RealNetworks)