|
|
CVE Reference: CVE-2005-2922 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2005-2922 |
|
|
Description: Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/25409 SUSE http://www.novell.com/linux/security/advisories/2006_18_realplayer.html ST 1015808 SAID Secunia Advisory: SA19358 Secunia Advisory: SA19365 REDHAT http://www.redhat.com/support/errata/RHSA-2005-762.html http://www.redhat.com/support/errata/RHSA-2005-788.html OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11444 CONFIRM http://www.service.real.com/realplayer/security/03162006_player/en/ CERT-VN 172489 BID 17202 |
|
| Return to the previous page. |
