>> RealPlayer and RealOne Player Multiple Remote Vulnerabilities
Title : RealPlayer and RealOne Player Multiple Remote Vulnerabilities VUPEN ID : VUPEN/ADV-2005-0866 CVE ID : CVE-2005-1766 - CVE-2005-2052 - CVE-2005-2054 - CVE-2005-2055 CWE ID : CWE-
Rated as : Critical
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2005-06-23
Technical Description
Multiple vulnerabilities were identified in various RealNetworks products, which could be exploited by remote attackers to execute arbitrary commands.
- The first issue occurs when processing specially crafted MP3 files, which could be exploited by attackers to overwrite arbitrary files or execute ActiveX controls on a vulnerable system.
- The second vulnerability is due to a heap overflow error in the RealText file format parser that does not properly handle specially crafted RealMedia files, which could be exploited via malicious websites to execute arbitrary commands with the privileges of the logged in user.
- The third flaw is due to a buffer overflow error in the "vidplin.dll" file that does not properly handle specially crafted AVI files, which could be exploited via malicious websites to execute arbitrary commands with the privileges of the logged in user.
- The fourth vulnerability is due to an unspecified error, which could be combined with default settings of earlier Internet Explorer browsers and exploited by a malicious website to create a local HTML file and then trigger an RM file to play which would then reference this local HTML file.
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
