Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 APP:REAL:RAM-FILE-OF

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 APP

Keywords

 RealMedia RAM File Processing Buffer Overflow

Release Date

 2005/05/03

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

APP: RealMedia RAM File Processing Buffer Overflow


This signature detects attempts to exploit a known vulnerability in RealNetworks RealPlayer products. A successful attack can lead to arbitrary code execution.

Extended Description

RealNetworks RealPlayer Enterprise is reported prone to a buffer overflow vulnerability. It is reported that the issue manifests when a malicious RAM file is parsed. A remote attacker may exploit this vulnerability to execute arbitrary code in the context of a user that uses a vulnerable version of the media player to load a malicious RAM file.

Affected Products

  • Real Networks Helix Player for Linux 1.0.0
  • Real Networks Helix Player for Linux 1.0.1
  • Real Networks Helix Player for Linux 1.0.2
  • Real Networks Helix Player for Linux 1.0.3
  • Real Networks RealOne Player 1.0.0
  • Real Networks RealOne Player 6.0.11 .818
  • Real Networks RealOne Player 6.0.11 .830
  • Real Networks RealOne Player 6.0.11 .840
  • Real Networks RealOne Player 6.0.11 .853
  • Real Networks RealOne Player 6.0.11 .868
  • Real Networks RealOne Player 6.0.11 .872
  • Real Networks RealOne Player for OSX 9.0.0 .288
  • Real Networks RealOne Player for OSX 9.0.0 .297
  • Real Networks RealPlayer 10.0.0
  • Real Networks RealPlayer 10.5.0 V6.0.12.1040
  • Real Networks RealPlayer 10.5.0 V6.0.12.1053
  • Real Networks RealPlayer 10.5.0 V6.0.12.1056
  • Real Networks RealPlayer 8.0.0 Mac
  • Real Networks RealPlayer 8.0.0 Unix
  • Real Networks RealPlayer 8.0.0 Win32
  • Real Networks RealPlayer 10 for Linux
  • Real Networks RealPlayer 10 for Mac OS 10.0.0.305
  • Real Networks RealPlayer 10 for Mac OS 10.0.0.325
  • Real Networks RealPlayer 10 for Mac OS
  • Real Networks RealPlayer Enterprise 1.1.0
  • Real Networks RealPlayer Enterprise 1.2.0
  • Real Networks RealPlayer Enterprise 1.5.0
  • Real Networks RealPlayer Enterprise 1.6.0
  • Real Networks RealPlayer Enterprise 1.7.0
  • Real Networks RealPlayer Enterprise
  • Real Networks RealPlayer For Unix 10.0.3
  • Red Hat Desktop 3.0.0
  • Red Hat Enterprise Linux AS 3
  • Red Hat Enterprise Linux ES 3
  • Red Hat Enterprise Linux WS 3

References

  • BugTraq: 13264
  • CVE: CVE-2004-0258
  • CVE: CVE-2004-0550
  • CVE: CVE-2005-0755
  • URL: http://pb.specialised.info/all/adv/real-ram-adv.txt
  • URL: http://service.real.com/help/faq/security/050419_player/EN/

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out