OSVDB ID: 10419

Title: RealNetworks Multiple Products Malformed Media File Arbitrary File Deletion

Info

Disclosure

Sep 28, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

RealNetworks contains a flaw related to the player that may allow an attacker to fashion a web page and a media file to allow deletion of a file in a path known to the attacker. No further details have been provided.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unavailable
Disclosure: OSVDB Verified

Solution

Upgrade to version RealPlayer 10.5(Gold) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

RealNetworks, Inc.	RealPlayer	10.5 (6.0.12.1040)
		10.5 Beta (6.0.12.1016)
		10
	RealOne Player	1
		2

References

Security Tracker: 1011449
Related OSVDB ID: 10417 10418
Secunia Advisory ID: 12672 13994
CVE ID: 2005-0190 (see also: NVD)
Other Advisory URL: http://www.novell.com/linux/security/advisories/2005_04_realplayer8.html
http://www.service.real.com/help/faq/security/040928_player/EN/

Credit

John Heasman -
Marc Maiffret - marceeye.com - eEye Digital Security

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

RealNetworks, Inc.

RealPlayer

RealOne Player

References

Credit