RealOne/RealPlayer rtsp Media File Overflow

2004-02-05T05:24:17
ID OSVDB:3828
Type osvdb
Reporter OSVDB
Modified 2004-02-05T05:24:17

Description

Vulnerability Description

A remote overflow exists in RealOne Player and RealPlayer (all language versions). The application fails to handle a long rtsp:// filename parameter resulting in a file format buffer overrun. With a specially crafted request, an attacker can cause code execution on the target machine running in the context of the logged on user resulting in a loss of confidentiality and integrity.

Solution Description

Currently, there are no known workarounds to correct this issue. However, REAL has released a patch to address this vulnerability, which can be applied via the "Check for Update" feature.

Short Description

A remote overflow exists in RealOne Player and RealPlayer (all language versions). The application fails to handle a long rtsp:// filename parameter resulting in a file format buffer overrun. With a specially crafted request, an attacker can cause code execution on the target machine running in the context of the logged on user resulting in a loss of confidentiality and integrity.

References:

Vendor Specific Advisory URL Secunia Advisory ID:10796 Related OSVDB ID: 3827 Related OSVDB ID: 3826 Other Advisory URL: http://www.nextgenss.com/advisories/realone.txt Generic Informational URL: http://computercops.biz/article1795.html