Juniper Networks

Signature Detail

Short Name: APP:REAL:PLAYER-SMIL-OF
Severity: High
Recommended: No
Recommended Action: Drop
Category: APP
Keywords: RealPlayer SMIL File Handling Overflow
Release Date: 2005/03/04
Update Number: 1213
Supported Platforms: idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

APP: RealPlayer SMIL File Handling Overflow


This signature detects attempts to exploit a known vulnerability in the RealNetworks RealPlayer media application. Attackers can create a malformed Synchronized Multimedia Integration Language (SMIL) file that, when downloaded by a user, is processed without user intervention. A successful exploit lets the attacker execute arbitrary code with the privileges of the target user.

Extended Description

RealNetworks RealPlayer and RealOne Player are reported to be prone to a remote stack-based buffer overflow vulnerability. The issue exists because the application does not perform boundary checks when parsing Synchronized Multimedia Integration Language (SMIL) files. A remote attacker may execute arbitrary code on a vulnerable computer to gain unauthorized access. This vulnerability is reported to exist in RealNetworks products for Microsoft Windows, Linux, and Apple Mac platforms.

Affected Products

  • Real Networks Helix Player for Linux 1.0.0
  • Real Networks RealOne Player 1.0.0
  • Real Networks RealOne Player 6.0.11 .818
  • Real Networks RealOne Player 6.0.11 .830
  • Real Networks RealOne Player 6.0.11 .840
  • Real Networks RealOne Player 6.0.11 .841
  • Real Networks RealOne Player 6.0.11 .853
  • Real Networks RealOne Player 6.0.11 .868
  • Real Networks RealOne Player 6.0.11 .872
  • Real Networks RealOne Player for OSX 9.0.0 .288
  • Real Networks RealOne Player for OSX 9.0.0 .297
  • Real Networks RealPlayer 10.0.0
  • Real Networks RealPlayer 10.5.0 V6.0.12.1040
  • Real Networks RealPlayer 10.5.0 V6.0.12.1053
  • Real Networks RealPlayer 10.5.0 V6.0.12.1056
  • Real Networks RealPlayer 8.0.0 Win32
  • Real Networks RealPlayer 10 for Linux
  • Real Networks RealPlayer 10 for Mac OS
  • Real Networks RealPlayer Enterprise 1.1.0
  • Real Networks RealPlayer Enterprise 1.2.0
  • Real Networks RealPlayer Enterprise 1.5.0
  • Real Networks RealPlayer Enterprise 1.6.0
  • Real Networks RealPlayer Enterprise
  • Real Networks RealPlayer For Unix 10.0.3
  • Red Hat Fedora Core3

References

  • BugTraq: 12698
  • CVE: CVE-2005-0455
  • URL: http://www.idefense.com/application/poi/display?id=209&type=vulnerabilities&flashstatus=false
  • URL: http://service.real.com/help/faq/security/050224_player/EN/

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.