Signature Detail
Short Name |
SMTP:REALPLAYER-WAV-BO |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
SMTP |
Keywords |
RealNetworks RealPlayer WAV File Processing Buffer Overflow |
Release Date |
2010/09/28 |
Update Number |
1780 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
SMTP: RealNetworks RealPlayer WAV File Processing Buffer Overflow
This signature detects attempts to exploit a known vulnerability in RealNetworks RealPlayer. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the process's user.
Extended Description
RealNetworks RealPlayer and RealOne Player are reported prone to an unspecified buffer overflow vulnerability. It is reported that the issue manifests when a malicious WAV file is processed. The vulnerability affects heap-based memory. A remote attacker may exploit this vulnerability to execute arbitrary code in the context of a user that uses a vulnerable version of the media player to play a malicious WAV file.
Affected Products
- Real Networks Helix Player for Linux 1.0.0
- Real Networks RealOne Player 1.0.0
- Real Networks RealOne Player 6.0.11 .818
- Real Networks RealOne Player 6.0.11 .830
- Real Networks RealOne Player 6.0.11 .840
- Real Networks RealOne Player 6.0.11 .841
- Real Networks RealOne Player 6.0.11 .853
- Real Networks RealOne Player 6.0.11 .868
- Real Networks RealOne Player 6.0.11 .872
- Real Networks RealOne Player for OSX 9.0.0 .288
- Real Networks RealOne Player for OSX 9.0.0 .297
- Real Networks RealPlayer 10.0.0
- Real Networks RealPlayer 10.5.0 V6.0.12.1040
- Real Networks RealPlayer 10.5.0 V6.0.12.1053
- Real Networks RealPlayer 10.5.0 V6.0.12.1056
- Real Networks RealPlayer 8.0.0 Mac
- Real Networks RealPlayer 8.0.0 Unix
- Real Networks RealPlayer 8.0.0 Win32
- Real Networks RealPlayer 10 for Linux
- Real Networks RealPlayer 10 for Mac OS 10.0.0.305
- Real Networks RealPlayer 10 for Mac OS 10.0.0.325
- Real Networks RealPlayer 10 for Mac OS
- Real Networks RealPlayer Enterprise 1.1.0
- Real Networks RealPlayer Enterprise 1.2.0
- Real Networks RealPlayer Enterprise 1.5.0
- Real Networks RealPlayer Enterprise 1.6.0
- Real Networks RealPlayer Enterprise
- Real Networks RealPlayer For Unix 10.0.3
- Red Hat Desktop 3.0.0
- Red Hat Enterprise Linux AS 3
- Red Hat Enterprise Linux ES 3
- Red Hat Enterprise Linux WS 3
References
- BugTraq: 12697
- CVE: CVE-2005-0611