|
RealPlayer Playlist Handling Buffer Overflow Vulnerability
|
|
|
|
|
Secunia Advisory:
|
SA27248
|
|
|
Release Date:
|
2007-10-22
|
|
Last Update:
|
2007-10-23
|
|
|
Critical:
|
Extremely critical
|
|
Impact:
|
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | RealOne Player 1.x
RealOne Player 2.x
RealPlayer 10.x
|
| | CVE reference: | CVE-2007-5601 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
A vulnerability has been discovered in RealPlayer, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a signedness error in MPAMedia.dll when handling playlist names. This can be exploited to cause a stack-based buffer overflow by e.g. importing a file into a specified playlist with an overly long name via the "Import()" method of the IERPCtl ActiveX control (ierpplug.dll).
Successful exploitation allows execution of arbitrary code.
NOTE: The vulnerability is currently being actively exploited.
Solution:
Apply patch for RealPlayer 10.5 and 11 beta:
http://service.real.com/realplayer/security/191007_player/en/securitydb.rnx
The vendor recommends users of RealPlayer 10 and RealOne v1 and v2 to upgrade to version 10.5 and apply the patch.
NOTE: According to the vendor, RealPlayer 8 and prior versions for Windows are not affected. Versions for Macintosh and Linux are also not affected.
Provided and/or discovered by:
Reported as a 0-day.
Changelog:
2007-10-23: Added additional link in "Original Advisory" section.
Original Advisory:
RealNetworks:
http://service.real.com/realplayer/security/191007_player/en/
http://docs.real.com/docs/security/SecurityUpdate101907Player.pdf
Other References:
US-CERT VU#871673:
http://www.kb.cert.org/vuls/id/871673
Extended Solution:
The "Extended Solution" section is available for Secunia customers only. Request a trial and get access to the Secunia Customer Area and Extended Secunia advisories.
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
20 Related Secunia Security Advisories, displaying 10
|
|
|
1. RealPlayer ActiveX Control "Console" Property Memory Corruption
|
|
2. RealPlayer/RealOne/HelixPlayer Multiple Buffer Overflows
|
|
3. RealPlayer/Helix Player SMIL wallclock Buffer Overflow Vulnerability
|
|
4. RealNetworks Products Multiple Buffer Overflow Vulnerabilities
|
|
5. RealPlayer/RealOne/HelixPlayer "rm" and "rjs" File Handling Buffer Overflow
|
|
6. RealPlayer Error Message Format String Vulnerabilities
|
|
7. RealOne / RealPlayer / Helix Player / Rhapsody Multiple Vulnerabilities
|
|
8. Realplayer/RealOne RAM File Processing Buffer Overflow Vulnerability
|
|
9. RealPlayer WAV and SMIL File Handling Buffer Overflows
|
|
10. RealPlayer RealMedia ".rm" Security Bypass Vulnerability
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
