Real Player multiple buffer overflows updated since 25.10.2007
Published:		02.11.2007
Source:		CERT
SecurityVulns ID:		8292
Type:		client
Level:		7/10
Description:		ActiveX vulnerability is used in-the-wild for silent trojan code installation via Internet Explorer. In addition, there is a buffer overflow on .mov files parsing and .mp3 ID3 tags.

Affected:		REAL : RealPlayer 10
		REAL : RealOne Player 2
		REAL : RealPlayer 10.5
		REAL : RealPlayer 11
CVE:		CVE-2007-4599
		CVE-2007-2264 (Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA header.)
		CVE-2007-2263 (Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF (Flash) file with malformed record headers.)

Original document		ZDI, ZDI-07-061: RealNetworks RealPlayer SWF Processing Remote Code Execution Vulnerability (02.11.2007)
		ZDI, ZDI-07-062: RealNetworks RealPlayer PLS File Memory Corruption Vulnerability (02.11.2007)
		ZDI, ZDI-07-063: RealPlayer RA Field Size File Processing Heap Oveflow Vulnerability (02.11.2007)
		NGSSoftware Insight Security Research Advisory (NISR), Heap overflow in RealPlayer ID3 tag parser (31.10.2007)
		Piotr Bania, RealNetworks RealPlayer/RealOne Player/Helix Player Remote Heap Corruption (26.10.2007)
		CERT, US-CERT Technical Cyber Security Alert TA07-297A -- RealNetworks RealPlayer ActiveX Playlist Buffer Overflow (25.10.2007)

Discuss:

Read or add your comments to this news (0 comments)