Two vulnerabilities have been discovered in Helix Player, which potentially can be exploited by malicious people to compromise a user's system.
1) A format string error exists when displaying the invalid-handle error message. This may be exploited to execute arbitrary code via a specially crafted ".rp" (RealPix) file that contains format-string specifiers in the "handle" attribute of the "image" tag. The ".rt" file format may also be affected.
2) A format string error exists when displaying the "missing XML tag end" error message. This may be exploited to execute arbitrary code via a specially crafted ".rp" file that contains format-string specifiers in the attributes of the "head" tag.
Successful exploitation requires that the user is e.g. tricking into opening or following a link to a malicious ".rp" file.
The vulnerabilities have been confirmed in Helix Player 18.104.22.1687 (gold), and affects only the Linux/Unix platforms. Prior versions may also be affected.
Note: Exploit code for vulnerability #1 is publicly available.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to email@example.com
Subject: Helix Player Error Message Format String Vulnerabilities
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.