Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via (1) a Synchronized Multimedia Integration Language (SMIL) file with a long parameter, (2) a long long filename in a rtsp:// request, e.g. from a .m3u file, or (3) certain Now Playing options on a downloaded file with a long filename.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Realone_player | Realnetworks | 2.0 (including) | 2.0 (including) |
| Realplayer | Realnetworks | * | * |
| Realplayer | Realnetworks | 6.0 (including) | 6.0 (including) |
| Realplayer | Realnetworks | 7.0 (including) | 7.0 (including) |
| Realplayer | Realnetworks | 8.0 (including) | 8.0 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=103808645120764\u0026w=2
- http://service.real.com/help/faq/security/bufferoverrun_player.html
- http://www.securityfocus.com/bid/6227
- http://www.securityfocus.com/bid/6229
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10677
- http://marc.info/?l=bugtraq\u0026m=103808645120764\u0026w=2
- http://service.real.com/help/faq/security/bufferoverrun_player.html
- http://www.securityfocus.com/bid/6227
- http://www.securityfocus.com/bid/6229
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10677