RealPlayer invalid chunk header heap overflow

2006-03-31T00:00:00
ID SAINT:74F1BEDE6E32D2B82819435F2160B116
Type saint
Reporter SAINT Corporation
Modified 2006-03-31T00:00:00

Description

Added: 03/31/2006
CVE: CVE-2005-2922
BID: 17202
OSVDB: 24062

Background

RealPlayer, RealOne Player, and Helix Player include an embedded player which plays media embedded in a web page.

Problem

A chunked HTTP response containing an invalid or missing chunk header results in a heap overflow, leading to command execution.

Resolution

Use the Check for Update feature to upgrade to the latest version of RealPlayer, RealOne Player, or Helix Player.

References

<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404>

Limitations

Exploit works on RealPlayer 10.5 (6.0.12.1348). In order for the exploit to run, a user must load the exploit page in Internet Explorer.

Platforms

Windows 2000
Windows XP