OSVDB ID: 10417

Title: RealNetworks Multiple Products Local Malformed RM File Arbitrary Code Execution

Info

Disclosure

Sep 28, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

RealNetworks contains a flaw related to the Player that may allow an attacker to fashion an RM file which corrupts the Player when run from a local drive and which might allow an attacker to execute arbitrary code on a user's machine. No further details have been provided.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unavailable
Disclosure: OSVDB Verified

Solution

Upgrade to version RealPlayer 10.5 (Gold) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

RealNetworks, Inc.	RealOne Player	1
	RealOne Player	2
	RealPlayer	10
		10.5 (6.0.12.1040)
		10.5 Beta (6.0.12.1016)
		8
	RealPlayer Enterprise	1
	Mac RealPlayer	10 Beta
	Mac RealOne Player	1
	Linux RealPlayer	10
	Helix Player	1

References

Security Tracker: 1011449
Related OSVDB ID: 10418 10419
Secunia Advisory ID: 12672 13994
ISS X-Force ID: 18982
CVE ID: 2005-0191 (see also: NVD)
Other Advisory URL: http://www.novell.com/linux/security/advisories/2005_04_realplayer8.html
http://www.service.real.com/help/faq/security/040928_player/EN/

Credit

John Heasman -
Marc Maiffret - marceeye.com - eEye Digital Security

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

RealNetworks, Inc.

RealOne Player

RealPlayer

RealPlayer Enterprise

Mac RealPlayer

Mac RealOne Player

Linux RealPlayer

Helix Player

References

Credit