Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a .rm movie file with a large length field for the data chunk, which leads to a heap-based buffer overflow.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Helix_player | Realnetworks | 1.0 (including) | 1.0 (including) |
| Realone_player | Realnetworks | 1.0 (including) | 1.0 (including) |
| Realone_player | Realnetworks | 2.0 (including) | 2.0 (including) |
| Realone_player | Realnetworks | 9.0.0.288 (including) | 9.0.0.288 (including) |
| Realone_player | Realnetworks | 9.0.0.297 (including) | 9.0.0.297 (including) |
| Realplayer | Realnetworks | - (including) | - (including) |
| Realplayer | Realnetworks | 8.0 (including) | 8.0 (including) |
| Realplayer | Realnetworks | 10.0 (including) | 10.0 (including) |
| Realplayer | Realnetworks | 10.0-beta (including) | 10.0-beta (including) |
| Realplayer | Realnetworks | 10.0_6.0.12.690 (including) | 10.0_6.0.12.690 (including) |
| Realplayer | Realnetworks | 10.5 (including) | 10.5 (including) |
| Realplayer | Realnetworks | 10.5_6.0.12.1016-beta (including) | 10.5_6.0.12.1016-beta (including) |
| Realplayer | Realnetworks | 10.5_6.0.12.1040 (including) | 10.5_6.0.12.1040 (including) |
References
- http://marc.info/?l=ntbugtraq\u0026m=109708374115061\u0026w=2
- http://secunia.com/advisories/12672
- http://www.securityfocus.com/bid/11309
- http://www.service.real.com/help/faq/security/040928_player/EN/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17549
- http://marc.info/?l=ntbugtraq\u0026m=109708374115061\u0026w=2
- http://secunia.com/advisories/12672
- http://www.securityfocus.com/bid/11309
- http://www.service.real.com/help/faq/security/040928_player/EN/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17549