Reported February 4, 2004 by NGSSoftware.

 

 

VERSIONS AFFECTED

 

  • RealOne Player

  • RealOne Player v2

  • RealOne Enterprise Desktop

  • RealPlayer Enterprise (all language versions, all platforms)

 

DESCRIPTION

 

RealNetworks' RealOne Player and RealPlayer contain multiple vulnerabilities, the most serious of which can result in arbitrary code execution on the vulnerable system. This vulnerability is a result of a flaw in the way the SurfNOW proxy server handles long HTTP headers. By crafting malformed .RP, .RT, .RAM, .RPM, and .SMIL files, an attacker can cause heap- and stack-based overruns in RealOne Player and RealPlayer. By forcing a browser to a Web site that contains such a file, a malicious user can execute code on the target machine running in the context of the logged on user. Alternatively, an end user can open the attachment (except in the case of the .RPM file).

 

VENDOR RESPONSE

 

RealNetworks has issued a notice about these vulnerabilities and recommends that affected users immediately apply the available update.

 

CREDIT

 

Discovered by Mark Litchfield.