Computer Security
[EN] securityvulns.ru no-pyccku


Real Player multiple buffer overflows
updated since 25.10.2007
Published:02.11.2007
Source:
SecurityVulns ID:8292
Type:client
Threat Level:
7/10
Description:ActiveX vulnerability is used in-the-wild for silent trojan code installation via Internet Explorer. In addition, there is a buffer overflow on .mov files parsing and .mp3 ID3 tags.
Affected:REAL : RealPlayer 10
 REAL : RealOne Player 2
 REAL : RealPlayer 10.5
 REAL : RealPlayer 11
CVE:CVE-2007-4599
 CVE-2007-2264 (Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA header.)
 CVE-2007-2263 (Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF (Flash) file with malformed record headers.)
Original documentdocumentZDI, ZDI-07-061: RealNetworks RealPlayer SWF Processing Remote Code Execution Vulnerability (02.11.2007)
 documentZDI, ZDI-07-062: RealNetworks RealPlayer PLS File Memory Corruption Vulnerability (02.11.2007)
 documentZDI, ZDI-07-063: RealPlayer RA Field Size File Processing Heap Oveflow Vulnerability (02.11.2007)
 documentNGSSoftware Insight Security Research Advisory (NISR), Heap overflow in RealPlayer ID3 tag parser (31.10.2007)
 documentPiotr Bania, RealNetworks RealPlayer/RealOne Player/Helix Player Remote Heap Corruption (26.10.2007)
 documentCERT, US-CERT Technical Cyber Security Alert TA07-297A -- RealNetworks RealPlayer ActiveX Playlist Buffer Overflow (25.10.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod