10418 : RealNetworks Multiple Products Malformed HTML Call Arbitrary Code Execution
Printer | http://osvdb.org/10418 | Email This | Edit Vulnerability

Views This Week

Views All Time

Info

Last Modified

5 months ago

Percent Complete

100%

Disclosure

Sep 28, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

RealNetworks contains a flaw that may allow a malicious user to fashion a web page with malformed calls, corrupting the embedded Player. The issue is triggered when a user visits the attackers web site. It is possible that the flaw may allow arbitrary code Execution on a user's machine resulting in a loss of confidentiality and/or integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unavailable
Disclosure: OSVDB Verified

Solution

Upgrade to version RealPlayer 10.5 (Gold) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

RealNetworks, Inc.	RealOne Player	2
		1
	RealPlayer	10.5 Beta (6.0.12.1016)
		10.0
		10.5 (6.0.12.1040)

References

Related OSVDB ID: 10417 10419
Other Advisory URL: http://www.novell.com/linux/security/advisories/2005_04_realplayer8.html
http://www.service.real.com/help/faq/security/040928_player/EN/
Secunia Advisory ID: 12672 13994
CVE ID: 2005-0189 (see also: NVD)
Security Tracker: 1011449

Tools & Filters

Nessus	15395 17590

Credit

John Heasman -
Marc Maiffret - marceeye.com - eEye Digital Security

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

RealNetworks, Inc.

RealOne Player

RealPlayer

References

Tools & Filters

Credit

Blogs

Comments