SAINT Corporation
SAINT:74F1BEDE6E32D2B82819435F2160B116
Mar 31, 2006 - 12:00 a.m.

RealPlayer invalid chunk header heap overflow

download.saintcorporation.com

EPSS: 0.024 (percentile: 89.9%)

Added: 03/31/2006
CVE: CVE-2005-2922
BID: 17202
OSVDB: 24062

Background

RealPlayer, RealOne Player, and Helix Player include an embedded player which plays media embedded in a web page.

Problem

A chunked HTTP response containing an invalid or missing chunk header results in a heap overflow, leading to command execution.
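
The following is an added defensive example, not code from RealPlayer, Helix Player or SAINT: a chunked-body decoder that treats an invalid or missing chunk header as a hard error and checks each declared chunk size against both the received data and the destination buffer before copying. The function names, return convention and sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (illustration only): value of one hex digit, or -1. */
static int hexval(unsigned char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode an in-memory HTTP/1.1 chunked body into dst. Returns the decoded
 * length, or -1 on malformed input or if the output would not fit.
 * Trailers after the last chunk are not parsed. */
long decode_chunked(const char *in, size_t in_len, char *dst, size_t dst_cap) {
    size_t pos = 0, out = 0;
    for (;;) {
        size_t size = 0, digits = 0;
        while (pos < in_len && hexval((unsigned char)in[pos]) >= 0) {
            if (++digits > 8) return -1;          /* cap digits: size cannot wrap */
            size = (size << 4) | (size_t)hexval((unsigned char)in[pos]);
            pos++;
        }
        if (digits == 0) return -1;               /* missing or non-hex chunk header */
        if (pos < in_len && in[pos] == ';')       /* chunk extension: skip to CR */
            while (pos < in_len && in[pos] != '\r') pos++;
        if (in_len - pos < 2 || in[pos] != '\r' || in[pos + 1] != '\n') return -1;
        pos += 2;
        if (size == 0) return (long)out;          /* last chunk reached */
        if (size > in_len - pos) return -1;       /* header claims more than received */
        if (size > dst_cap - out) return -1;      /* copy would overflow dst */
        memcpy(dst + out, in + pos, size);
        pos += size; out += size;
        if (in_len - pos < 2 || in[pos] != '\r' || in[pos + 1] != '\n') return -1;
        pos += 2;
    }
}

int main(void) {
    /* Constructed sample bodies, not captured traffic. */
    const char *good = "4\r\nWiki\r\n5\r\npedia\r\n0\r\n\r\n";
    const char *bad  = "zz\r\nWiki\r\n0\r\n\r\n";
    char dst[16];
    printf("valid body   -> %ld\n", decode_chunked(good, strlen(good), dst, sizeof dst));
    printf("bad header   -> %ld\n", decode_chunked(bad, strlen(bad), dst, sizeof dst));
    return 0;
}
```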

Resolution

Use the Check for Update feature to upgrade to the latest version of RealPlayer, RealOne Player, or Helix Player.

References

<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404>

Limitations

Exploit works on RealPlayer 10.5 (6.0.12.1348). In order for the exploit to run, a user must load the exploit page in Internet Explorer.

Platforms

Windows 2000
Windows XP
