|
|
| |
RealOne / RealPlayer is "one of the most widely used products for internet media delivery".
The products are vulnerable to file format buffer overruns which open the possibility for remote code execution with the user's permissions. |
| |
Credit:
The information has been provided by NGSSoftware Insight Security Research.
The original article can be found at: http://www.ngssoftware.com/advisories/realone.txt.
|
| |
Vulnerable Systems:
* RealOne Player, RealOne Player v2 (localized languages) and RealPlayer 10 Beta
Using a specially crafted media files such as .RP, .RT, .RAM, .RPM & .SMIL it is possible to exploit the vulnerabilities. It is possible to cause heap and stack overruns in the products. A malicious file can be found on a malicious website. Except in the case of an .RPM file the user will be required to open the attachment.
Patch Availability:
Realnetworks have supplied a patch for the mentioned issues. In their own advisory, Realnetworks describe the necessary steps in order to mitigate the vulnerabilities.
|
|
|
|
|
