helix-player -- multiple vulnerabilities

ID DSA-826
Type debian
Reporter Debian
Modified 2005-09-29T00:00:00


Multiple security vulnerabilities have been identified in the helix-player media player that could allow an attacker to execute code on the victim's machine via specially crafted network resources.

Buffer overflow in the RealText parser could allow remote code execution via a specially crafted RealMedia file with a long RealText string.

Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the image handle attribute in a RealPix (.rp) or RealText (.rt) file.

For the stable distribution (sarge), these problems have been fixed in version 1.0.4-1sarge1.

For the unstable distribution (sid), these problems have been fixed in version 1.0.6-1.

We recommend that you upgrade your helix-player package.

helix-player was distributed only on the i386 and powerpc architectures.