(RHSA-2007:0605) Critical: HelixPlayer security update

2007-06-2700:00:00

access.redhat.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.956 High

EPSS

Percentile

99.2%

JSON

HelixPlayer is a media player.

A buffer overflow flaw was found in the way HelixPlayer processed
Synchronized Multimedia Integration Language (SMIL) files. It was possible
for a malformed SMIL file to execute arbitrary code with the permissions of
the user running HelixPlayer. (CVE-2007-3410)

All users of HelixPlayer are advised to upgrade to this updated package,
which contains a backported patch and is not vulnerable to this issue.

OSVersionArchitecturePackageVersionFilename
RedHatanysrchelixplayer< 1.0.6-0.EL4.2.0.2HelixPlayer-1.0.6-0.EL4.2.0.2.src.rpm
RedHatanyppchelixplayer< 1.0.6-0.EL4.2.0.2HelixPlayer-1.0.6-0.EL4.2.0.2.ppc.rpm
RedHatanyi386helixplayer< 1.0.6-0.EL4.2.0.2HelixPlayer-1.0.6-0.EL4.2.0.2.i386.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	src	helixplayer	< 1.0.6-0.EL4.2.0.2	HelixPlayer-1.0.6-0.EL4.2.0.2.src.rpm
RedHat	any	ppc	helixplayer	< 1.0.6-0.EL4.2.0.2	HelixPlayer-1.0.6-0.EL4.2.0.2.ppc.rpm
RedHat	any	i386	helixplayer	< 1.0.6-0.EL4.2.0.2	HelixPlayer-1.0.6-0.EL4.2.0.2.i386.rpm