RealOne/RealPlayer RMP Code Execution

2004-02-04T00:00:00
ID OSVDB:3827
Type osvdb
Reporter OSVDB
Modified 2004-02-04T00:00:00

Description

Vulnerability Description

A possibly remote overflow exists in mediaplayer software from Real Networks. The mediaplayer software fails to validate mediafiles downloaded before playing them resulting in heap and stack based overflows. With a specially crafted file, an attacker can cause arbitrary code to be executed resulting in a loss of confidentiality, integrity, and/or availability.

Technical Description

If an attacker can direct a user to download and open RMP files containing malicious content it is possible to executed arbitrary code in the context of that user.

Solution Description

Use the built-in function to check for updates to upgrade to a newer version, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A possibly remote overflow exists in mediaplayer software from Real Networks. The mediaplayer software fails to validate mediafiles downloaded before playing them resulting in heap and stack based overflows. With a specially crafted file, an attacker can cause arbitrary code to be executed resulting in a loss of confidentiality, integrity, and/or availability.

References:

Vendor Specific Advisory URL Secunia Advisory ID:10796 Related OSVDB ID: 3828 Related OSVDB ID: 3826 Other Advisory URL: http://www.nextgenss.com/advisories/realone.txt ISS X-Force ID: 15040 CVE-2004-0258 CIAC Advisory: o-075 CERT VU: 473814 CERT VU: 473902 CERT VU: 514734 Bugtraq ID: 9579