PT-2005-3773 · Realnetworks+1 · Realplayer+3

Published 2005-09-27 · Updated 2017-10-11 · CVE-2005-2922

CVSS v2.0: 9.3 High

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

RealPlayer versions 10.x
RealOne Player (affected versions not specified)
Helix Player (affected versions not specified)

Description

A heap-based buffer overflow issue exists in the embedded player of multiple RealNetworks products. This issue can be triggered by a remote malicious server via a chunked Transfer-Encoding HTTP response. The response can cause the issue in three ways: (1) by specifying the chunk header length as -1, (2) by including a chunk header with a length that is less than the actual amount of sent data, or (3) by omitting a chunk header. This can lead to a denial of service (crash) and possibly allow the execution of arbitrary code.

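The three malformed framings listed above are all rejected by a client-side decoder that validates each chunk header before copying. The C sketch below is an added example, not code from the advisory or from RealNetworks; the names `decode_chunked` and `decode_sample` are hypothetical, the whole body is assumed to be in memory, and chunk extensions and trailers are not handled.

```c
#include <stddef.h>
#include <string.h>

/* Added example (not RealNetworks code): strict chunked-body decoder. */
static int hexval(unsigned char c) {
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                                   /* fold A-F to a-f */
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

static int crlf_at(const unsigned char *in, size_t len, size_t pos) {
    return len - pos >= 2 && in[pos] == '\r' && in[pos + 1] == '\n';
}

/* Returns decoded byte count, or -1 on any framing error. */
long decode_chunked(const unsigned char *in, size_t in_len,
                    unsigned char *out, size_t out_cap) {
    size_t pos = 0, written = 0;
    for (;;) {
        size_t size = 0;
        int digits = 0, v;
        /* Header is 1..8 hex digits: "-1" and headerless data fail here. */
        while (pos < in_len && (v = hexval(in[pos])) >= 0) {
            if (++digits > 8) return -1;         /* bound the size field */
            size = (size << 4) | (size_t)v;
            pos++;
        }
        if (digits == 0 || !crlf_at(in, in_len, pos)) return -1;
        pos += 2;
        if (size == 0) return (long)written;     /* last-chunk marker */
        /* Declared size must fit the bytes received and the destination. */
        if (size > in_len - pos || size > out_cap - written) return -1;
        memcpy(out + written, in + pos, size);
        pos += size;
        written += size;
        /* Extra data beyond the declared size shows up as a missing CRLF. */
        if (!crlf_at(in, in_len, pos)) return -1;
        pos += 2;
    }
}

/* Constructed harness: decode a C string into a 16-byte buffer. */
long decode_sample(const char *body) {
    unsigned char out[16];
    return decode_chunked((const unsigned char *)body, strlen(body), out, sizeof out);
}
```

Data that happens to begin with hex digits is still parsed as a size, so the bounds checks against the received bytes and the destination capacity are what prevent the overflow in that case.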
Recommendations

For RealPlayer version 10.x: Update to a version that includes a fix for this issue.
For RealOne Player: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
For Helix Player: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2005-2922
RHSA-2005:788
RHSA-2005_788

Affected Products

Helix Player
Realone Player
Realplayer
Red Hat