CERTVU:770904RealNetworks players SMIL "wallclock" buffer overflow
0.953 High
EPSS
Percentile
99.3%
Overview
A buffer overflow in RealNetworks media players could allow a remote attacker to execute arbitrary code on an affected system.
Description
The RealNetworks RealPlayer and Helix Player applications allow users to view local and remote audio and video content. These players support multiple media formats including the synchronized multimedia integration language (SMIL). A stack-based buffer overflow exists in the way that these players handle the “wallclock-sync” values encoded in the SMIL data. A remote attacker with the ability to supply a specially crafted media file or stream could exploit this vulnerability to execute arbitrary code on an affected system.
Note that we are aware of publicly-available exploit code for this vulnerability.
Impact
A remote unauthenticated attacker could execute arbitrary code with the privileges of the user running a vulnerable application or cause the vulnerable application to crash, resulting in a denial of service.
Solution
Apply an update from the vendor
The latest versions of the affected software available at the time of this writing are reported to contain a patch for this issue. Users of RealPlayer are encouraged to take the following steps to update:
* Windows users are encouraged to follow the steps outlined in [RealNetworks support document Answer ID 6929](<http://real.custhelp.com/cgi-bin/real.cfg/php/enduser/std_adp.php?p_faqid=6929>)
* RealPlayer for Mac OS X users should take the following steps:
1. Go the RealPlayer menu.
2. Choose Check for Update.
3. Select the box next to the “RealPlayer 10 Latest Release” component.
4. Click Install to download and install the update
Vendor Information
770904
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
RealNetworks, Inc. Affected
Notified: June 27, 2007 Updated: June 28, 2007
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Red Hat, Inc. __ Affected
Updated: June 27, 2007
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Red Hat has published Red Hat Security Advisory RHSA-2007:0605 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23770904 Feedback>).
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547>
Acknowledgements
This vulnerability was reported by iDefense Labs in iDefense Labs Public Advisory: 06.26.07. iDefense credits an anonymous researcher with reporting this vulnerability to them.
This document was written by Chad R Dougherty.
Other Information
| CVE IDs: | CVE-2007-3410 |
|---|---|
| Severity Metric: | 22.28 Date Public: |
Related
