PT-2005-3519 · Realnetworks+1 · Realplayer+3
Karl Lynn · Published 2005-09-27 · Updated 2018-05-03
CVE-2005-2629
CVSS v2.0: 5.1 (Medium)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
RealPlayer versions 8, 10, 10.5
RealOne Player versions 1, 2
Helix Player version 10.0.0
Description
The issue is an integer overflow that leads to a stack-based buffer overflow, allowing remote attackers to execute arbitrary code via an .rm movie file with a large value in the length field of the first data packet.
Recommendations
For RealPlayer versions 8, 10, 10.5, update to a version that fixes the integer overflow issue.
For RealOne Player versions 1, 2, update to a version that fixes the integer overflow issue.
For Helix Player version 10.0.0, update to a version that fixes the integer overflow issue.
As a temporary workaround, consider avoiding the use of .rm movie files with large values in the length field of the first data packet until a patch is available.
Affected Products
Helix Player
Realone Player
Realplayer
Red Hat