Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: [SA27361] RealPlayer/RealOne/HelixPlayer Multiple Buffer Overflows



> ----------------------------------------------------------------------
>
> TITLE:
> RealPlayer/RealOne/HelixPlayer Multiple Buffer Overflows
>
> SECUNIA ADVISORY ID:
> SA27361
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/27361/
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> RealPlayer 10.x
> http://secunia.com/product/2968/
> RealPlayer Enterprise 1.x
> http://secunia.com/product/3342/
> RealOne Player 1.x
> http://secunia.com/product/666/
> RealOne Player 2.x
> http://secunia.com/product/2378/
> Helix Player 1.x
> http://secunia.com/product/3970/
>
> DESCRIPTION:
> Multiple vulnerabilities have been reported in
> RealPlayer/RealOne/HelixPlayer, which can be exploited by malicious
> people to compromise a user's system.
>
> The vulnerabilities are caused due to boundary errors when processing
> various media and playlist files (e.g. mp3, rm, SMIL, swf, ram, pls)
> and can be exploited to cause heap-based and stack-based buffer
> overflows via specially-crafted files.
>
> The following products are affected by one or all vulnerabilities
> (see vendor's advisory for details):
> * RealPlayer 10.5 (6.0.12.1040-6.0.12.1578, 6.0.12.1698,
> 6.0.12.1741)
> * RealPlayer 10
> * RealOne Player v2
> * RealOne Player v1
> * RealPlayer 8
> * RealPlayer Enterprise
> * Mac RealPlayer 10.1 (10.0.0. 481)
> * Mac RealPlayer 10.1 (10.0.0.396 - 10.0.0.412)
> * Mac RealPlayer 10 (10.0.0.352)
> * Mac RealPlayer 10 (10.0.0.305 - 331)
> * Mac RealOne Player
> * Linux RealPlayer 10 (10.0.5 - 10.0.8)
> * Helix Player (10.0.5 - 10.0.8)
>
> SOLUTION:
> Update to the latest versions. Please see the vendor's advisory for
> details.
> http://service.real.com/realplayer/security/10252007_player/en/
>
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits:
> * John Heasman, NGS Software
> * Piotr Bania
> * Anonymous researchers, reported via ZDI
>
> ORIGINAL ADVISORY:
> RealNetworks:
> http://service.real.com/realplayer/security/10252007_player/en/
>
>



 




Copyright © Lexa Software, 1996-2009.