Short Name | APP:REAL:REALTEXT-ERR-OF
Severity | Minor
Recommended | No
Recommended Action | Drop
Category | APP
Keywords | RealNetworks RealText Error Message Buffer Overflow
Release Date | 2005/07/01
Update Number | 1213
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
APP: RealNetworks RealText Error Message Buffer Overflow
This signature detects attempts to exploit a known vulnerability against RealNetworks RealText. RealPlayer versions 1.6 and earlier are vulnerable. Attackers can craft malicious documents containing invalid version and name information. A successful attack can allow a remote attacker to execute arbitrary code and create files on the target client's system.
Extended Description
RealPlayer is prone to a remote heap-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
Specifically, the application fails to bounds-check user-supplied data contained in RealText files, resulting in the possibility of overflowing a heap buffer. Attackers can control the contents of critical memory control structures and write arbitrary data to arbitrary memory locations.
Exploiting this issue allows attackers to execute arbitrary machine code in the context of the user running the affected application.
Affected Products
- Gentoo linux
- Real_networks helix_player_for_linux 1.0.4
- Real_networks realone_player 1.0.0
- Real_networks realone_player 2.0.0
- Real_networks realplayer 10.0.0
- Real_networks realplayer 10.0.0 BETA
- Real_networks realplayer 10.0.0 v6.0.12.690
- Real_networks realplayer 10.5.0
- Real_networks realplayer 10.5.0 Beta v6.0.12.1016
- Real_networks realplayer 10.5.0 V6.0.12.1040
- Real_networks realplayer 10.5.0 V6.0.12.1053
- Real_networks realplayer 10.5.0 V6.0.12.1056
- Real_networks realplayer 10.5.0 V6.0.12.1059
- Real_networks realplayer 10.5.0 V6.0.12.1069
- Real_networks realplayer 6.0.0 Unix
- Real_networks realplayer 6.0.0 Win32
- Real_networks realplayer 7.0.0 Mac
- Real_networks realplayer 7.0.0 Unix
- Real_networks realplayer 7.0.0 Win32
- Real_networks realplayer 8.0.0 Mac
- Real_networks realplayer 8.0.0 Unix
- Real_networks realplayer 8.0.0 Win32
- Real_networks realplayer G2
- Real_networks realplayer_10 English
- Real_networks realplayer_10 German
- Real_networks realplayer_10 Japanese
- Real_networks realplayer_10_for_linux
- Real_networks realplayer_10_for_mac_os 10.0.0 .0.331
- Real_networks realplayer_10_for_mac_os 10.0.0.305
- Real_networks realplayer_10_for_mac_os 10.0.0.325
- Real_networks realplayer_10_for_mac_os beta
- Real_networks realplayer_10_for_mac_os
- Real_networks realplayer_8
- Real_networks realplayer_enterprise 1.1.0
- Real_networks realplayer_enterprise 1.2.0
- Real_networks realplayer_enterprise 1.5.0
- Real_networks realplayer_enterprise 1.6.0
- Real_networks realplayer_enterprise 1.7.0
- Real_networks realplayer_enterprise
- Real_networks realplayer_for_unix 10.0.3
- Real_networks realplayer_for_unix 10.0.4
- Real_networks realplayer_for_windows 7.0.0
- Real_networks realplayer_intranet 7.0.0
- Real_networks realplayer_intranet 8.0.0
- Red_hat desktop 3.0.0
- Red_hat desktop 4.0.0
- Red_hat enterprise_linux_as 3
- Red_hat enterprise_linux_as 4
- Red_hat enterprise_linux_es 3
- Red_hat enterprise_linux_es 4
- Red_hat enterprise_linux_ws 3
- Red_hat enterprise_linux_ws 4
- Red_hat fedora Core3
- Red_hat fedora Core4
- Suse linux_desktop 1.0.0
- Suse linux_personal 8.2.0
- Suse linux_personal 9.0.0
- Suse linux_personal 9.0.0 X86 64
- Suse linux_personal 9.1.0
- Suse linux_personal 9.1.0 X86 64
- Suse linux_personal 9.2.0
- Suse linux_personal 9.2.0 X86 64
- Suse linux_personal 9.3.0
- Suse linux_personal 9.3.0 X86 64
- Suse linux_professional 8.2.0
- Suse linux_professional 9.0.0
- Suse linux_professional 9.0.0 X86 64
- Suse linux_professional 9.1.0
- Suse linux_professional 9.1.0 X86 64
- Suse linux_professional 9.2.0
- Suse linux_professional 9.2.0 X86 64
- Suse linux_professional 9.3.0
- Suse linux_professional 9.3.0 X86 64
- Suse novell_linux_desktop 9.0.0
- Suse open-enterprise-server 9.0.0
- Suse suse_linux_enterprise_server 8
- Suse suse_linux_enterprise_server 9
- Suse suse_linux_openexchange_server 4.0.0
- Suse suse_linux_retail_solution 8.0.0
- Suse suse_linux_school_server_for_i386
- Suse suse_linux_standard_server 8.0.0