TITLE: RealPlayer/RealOne/HelixPlayer "rm" and "rjs" File Handling Buffer Overflow
SECUNIA ADVISORY ID: SA17514 VERIFY ADVISORY: http://secunia.com/advisories/17514/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From remote SOFTWARE: Helix Player 1.x http://secunia.com/product/3970/ RealOne Player v1 http://secunia.com/product/666/ RealOne Player v2 http://secunia.com/product/2378/ RealPlayer 10.x http://secunia.com/product/2968/ RealPlayer Enterprise 1.x http://secunia.com/product/3342/ DESCRIPTION: eEye Digital Security has reported two vulnerabilities in RealPlayer, RealOne, and HelixPlayer, which can be exploited by malicious people to compromise a user's system. 1) A signedness error exists when handling the first data packet in a Real Media ".rm" file. This can be exploited to cause a stack-based buffer overflow via a specially crafted ".rm" file that contains values between 0x80 and 0xFF in the application-specific length field. Successful exploitation allows arbitrary code execution. The vulnerability has been reported in the following versions: * RealPlayer 10.5 (6.0.12.1040-1235) (Windows) * RealPlayer 10 (Windows) * RealOne Player v1 (Windows) * RealOne Player v2 (Windows) * RealPlayer 8 (Windows) * RealPlayer Enterprise versions 1.1, 1.2, 1.5, 1.6 and 1.7 (Windows) * RealPlayer 10 (10.0.0.305 - 331) (Mac) * RealPlayer 10 (10.0.0 - 10.0.5) (Linux) * Helix Player (10.0.0 - 10.0.5) (Linux) 2) A boundary error exists when extracting a RealPlayer skin ".rjs" file. This can be exploited to cause a heap-based buffer overflow in DUNZIP32.DLL via a malicious ".rjs" file with a specially-crafted file length field. The vulnerability has been reported in following versions: * RealPlayer 10.5 (6.0.12.1040-1235) (Windows) * RealPlayer 10 (Windows) * RealOne Player v1 (Windows) * RealOne Player v2 (Windows) * RealPlayer 8 (Windows) SOLUTION: Update to the fixed versions: -- Windows Platform -- RealPlayer 10.5 / RealOne Player v1 (English only) / RealOne Playerv2 / RealPlayer 10: Update to the latest version via "Check for Update" on the "Tools" menu, or download patch from vendor's website. http://service.real.com/help/faq/security/051110_player/EN/ RealPlayer 8 (version 6.0.9.584): Update to the latest version via "Check for Update" on the "Help" menu, or download patch from vendor's website. http://service.real.com/help/faq/security/051110_player/EN/ RealPlayer Enterprise: Apply patch. http://service.real.com/help/faq/security/security111005.html -- Mac OS X Platform -- RealPlayer 10: Update to the latest version via "Check for Update" on the "RealPlayer" menu. RealOne Player for Mac OS X users need to upgrade to RealPlayer 10 for Mac OS X and then apply the update. -- Linux Platform -- RealPlayer 10 for Linux: http://www.real.com/linux Helix Player for Linux: https://player.helixcommunity.org/2005/downloads/ ORIGINAL ADVISORY: RealNetworks: http://service.real.com/help/faq/security/051110_player/EN/ http://service.real.com/help/faq/security/security111005.html eEye Digital Security: http://www.eeye.com/html/research/advisories/AD20051110a.html http://www.eeye.com/html/research/advisories/AD20051110b.html ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
