Signature Detail

APP: RealPlayer Format String

This signature detects attempts to exploit a known vulnerability in the RealMedia RealPlayer program. An attacker can send a malicious .rp file to a user, which upon opening, could create a format string bug. Once the program is opened, it runs without any additional user intervention.

Extended Description

RealPlayer and Helix player are susceptible to a format string vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input, allowing a remote attacker to supply format specifiers directly to a formatted printing function. Successful exploitation of this vulnerability allows remote attackers to execute arbitrary machine code in the context of the affected application. RealPlayer 10.0 through 10.0.5 for Linux and Helix Player 1.0 through 1.0.5 are prone to this issue.

Affected Products

• Real Networks Helix Player for Linux 1.0.0
• Real Networks Helix Player for Linux 1.0.1
• Real Networks Helix Player for Linux 1.0.2
• Real Networks Helix Player for Linux 1.0.3
• Real Networks Helix Player for Linux 1.0.4
• Real Networks Helix Player for Linux 1.0.5
• Real Networks RealPlayer 10 English
• Real Networks RealPlayer 10 German
• Real Networks RealPlayer 10 Japanese
• Real Networks RealPlayer 10 for Linux
• Real Networks RealPlayer For Unix 10.0.3
• Real Networks RealPlayer For Unix 10.0.4
• Red Hat Desktop 4.0.0
• Red Hat Enterprise Linux AS 4
• Red Hat Enterprise Linux ES 4
• Red Hat Enterprise Linux WS 4
• Red Hat Fedora Core3
• Red Hat Fedora Core4
• SuSE Linux Personal 10.0.0 OSS
• SuSE Linux Personal 9.2.0
• SuSE Linux Personal 9.2.0 X86 64
• SuSE Linux Personal 9.3.0
• SuSE Linux Personal 9.3.0 X86 64
• SuSE Linux Professional 10.0.0
• SuSE Linux Professional 10.0.0 OSS
• SuSE Linux Professional 9.2.0
• SuSE Linux Professional 9.2.0 X86 64
• SuSE Linux Professional 9.3.0
• SuSE Linux Professional 9.3.0 X86 64
• SuSE Novell Linux Desktop 9.0.0

References

• BugTraq: 14945
• CVE: CVE-2005-2710