Thursday, November 10, 2005

RealPlayer and RealOne Player Multiple Buffer Overflow Vulnerabilities

Via FrSIRT.

Advisory ID : FrSIRT/ADV-2005-2385
CVE ID : CVE-2005-2629 - CVE-2005-2630
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-11-10

Technical Description

Multiple vulnerabilities were identified in RealPlayer and RealOne Player, which could be exploited by remote attackers to execute arbitrary commands.

The first issue is due to a stack overflow error when processing a malformed data packet contained in a Real Media file, which could be exploited by remote attackers to compromise a vulnerable system by convincing a user to visit a malicious Web page hosting a specially crafted ".rm" file.

The second vulnerability is due to a heap overflow error in the "DUNZIP32.DLL" library that does not properly handle a malformed RealPlayer skin file, which could be exploited by attackers to execute arbitrary commands by tricking a user into visiting a malicious Web page hosting a specially crafted ".rjs" file.

The third flaw is due to an unspecified stack overflow error when processing malicious skin files, which could be exploited by remote attackers to compromise a vulnerable system.

Affected Products

RealPlayer 10.5 (6.0.12.1040-1235)
RealPlayer 10
RealOne Player v2
RealOne Player v1
RealPlayer 8
RealPlayer Enterprise 1.1
RealPlayer Enterprise 1.2
RealPlayer Enterprise 1.5
RealPlayer Enterprise 1.6
RealPlayer Enterprise 1.7
Mac RealPlayer 10 (10.0.0.305 - 331)
Linux RealPlayer 10 (10.0.0 - 5)
Helix Player (10.0.0 - 5)

Solution

RealPlayer 10.5 (Windows) patch :
http://service.real.com/help/faq/security/051110_player/EN/win32patch.rnx

RealPlayer 8, RealOne Player (English), RealOne Player V2, and RealPlayer 10 (Windows) patch :
http://service.real.com/help/faq/security/051110_player/EN/player.rnx

RealPlayer Enterprise update :
http://docs.real.com/docs/entinst.exe

RealPlayer 10 (Mac OS X) update :
http://www.real.com/upgrade/mac_upgrade.html

RealPlayer 10 (Linux) update :
http://www.real.com/linux

Helix Player (Linux) update :
http://player.helixcommunity.org/downloads/

References

http://www.frsirt.com/english/advisories/2005/2385
http://service.real.com/help/faq/security/security111005.html
http://service.real.com/help/faq/security/051110_player/EN/
http://www.frsirt.com/english/reference/589
http://www.frsirt.com/english/reference/588



posted by Fergie @ 11/10/2005 04:50:00 PM

0 Comments:

Post a Comment

<< Home