remote code execution in RealPlayer

2005-10-1013:36:54

lists.opensuse.org

0.969 High

EPSS

Percentile

99.6%

JSON

The following security issue in RealPlayer was fixed: - A format string bug in the RealPix (.rp) file format parser (CAN-2005-2710). This bug allowed remote attackers to execute arbitrary code by supplying a specially crafted file, e.g via Web page or E-Mail. Note that we no longer support RealPlayer on the following distributions for some time now: - SUSE Linux 9.1 - SUSE Linux 9.0 - SUSE Linux Desktop 1.0 On these distributions, please deinstall RealPlayer by running as root: rpm -e RealPlayer 2) Solution or Work-Around

Solution

There is no known workaround, please install the update packages.

OSVersionArchitecturePackageVersionFilename
openSUSE9.2i586realplayer< 10.0.6-1.4RealPlayer-10.0.6-1.4.i586.rpm
openSUSE10.0i586realplayer< 10.0.6-3.2RealPlayer-10.0.6-3.2.i586.rpm
openSUSE9.3i586realplayer< 10.0.6-1.4RealPlayer-10.0.6-1.4.i586.rpm

OS	Version	Architecture	Package	Version	Filename
openSUSE	9.2	i586	realplayer	< 10.0.6-1.4	RealPlayer-10.0.6-1.4.i586.rpm
openSUSE	10.0	i586	realplayer	< 10.0.6-3.2	RealPlayer-10.0.6-3.2.i586.rpm
openSUSE	9.3	i586	realplayer	< 10.0.6-1.4	RealPlayer-10.0.6-1.4.i586.rpm

0.969 High

EPSS

Percentile

99.6%

JSON

Related for SUSE-SA:2005:059