Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 APP:REAL:PLAYER-MAL-META-FILE

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 APP

Keywords

 RealPlayer Malicious Metafile Download

Release Date

 2004/11/03

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

APP: RealPlayer Malicious Metafile Download


This signature detects attempts to exploit a known vulnerability against RealJukebox. Attackers can attempt to download a malicious RealJukebox Metafile (.rm) file through HTTP. A successful exploit can allow the execution of arbitrary code on the affected system.

Extended Description

RealPlayer and RealOne Player are prone to a remote integer overflow vulnerability. It is reported that the vulnerability exists in the 'pnen3260.dll' linked library of both RealPlayer and RealOne Player for Microsoft Windows, Linux, and Mac OS platforms. The 'pnen3260.dll' library is responsible for processing real-media '.rm' files. The overflow will cause the corruption of heap-based memory management structures. Ultimately this may permit an attacker to write to an arbitrary location in the memory of the active process and in doing so control execution flow. A remote attacker may therefore exploit this vulnerability to execute arbitrary attacker-supplied instructions in the context of a user that is running a vulnerable version of the software. This issue was originally described in BID 11273 (RealNetworks RealOne Player And RealPlayer Remote Vulnerabilities) and is now being assigned its own BID.

Affected Products

  • Real Networks Helix Player for Linux 1.0.0
  • Real Networks RealOne Player 1.0.0
  • Real Networks RealOne Player 2.0.0
  • Real Networks RealOne Player for OSX 9.0.0 .288
  • Real Networks RealOne Player for OSX 9.0.0 .297
  • Real Networks RealPlayer 10.0.0
  • Real Networks RealPlayer 10.0.0 BETA
  • Real Networks RealPlayer 10.0.0 v6.0.12.690
  • Real Networks RealPlayer 10.5.0
  • Real Networks RealPlayer 10.5.0 Beta v6.0.12.1016
  • Real Networks RealPlayer 10.5.0 V6.0.12.1040
  • Real Networks RealPlayer 8.0.0 Mac
  • Real Networks RealPlayer 8.0.0 Unix
  • Real Networks RealPlayer 8.0.0 Win32
  • Real Networks RealPlayer 10 English
  • Real Networks RealPlayer 10 German
  • Real Networks RealPlayer 10 Japanese
  • Real Networks RealPlayer 10 for Linux
  • Real Networks RealPlayer 10 for Mac OS beta
  • Real Networks RealPlayer 8
  • Real Networks RealPlayer Enterprise

References

  • BugTraq: 11309
  • CVE: CVE-2004-1481
  • URL: http://www.juniper.net/security/auto/vulnerabilities/vuln1832.html
  • URL: http://service.real.com/help/faq/security/040928_player/EN/

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out