RSS News Feed News Feed XML News Feed

Home

A.P.B.

Designs

Virus

Exploits

Primers

Definitions

Movies

Police Forces

Home > Exploits > Software/Hardware > RealNetworks RealPlayer Format String Vulnerability

 

Vulnerability: RealNetworks RealPlayer Format String Vulnerability

Bugtraq ID: 14945

CVE: CAN-2005-2710

US-CERT: 361181

Credit: iDefense Labs, C0ntexb, FrSIRT

Vulnerable: Linux RealPlayer 10 and Helix Player 1

Patch: A vendor-supplied patch is available in the form of an upgrade

 

An attacker could remotely execute code on a vulnerable system because of an exploitable format string vulnerability found in Linux and Unix versions of the Helix Player and RealPlayer.  To exploit this vulnerability, simply specify an invalid value for the "time format attribute" in a realpix file.

The remote attacker could then run any code allowed on the system by the current user.  If the malicious realpix file (.rp) were embedded in either a web page or an e-mail message, no user interaction would even be required provided either RealPlayer or Helix Player is the default media player.

 

 

Copyright (c) 2007, 2008  A. Ryan Robbins.  All Rights Reserved.

 

 

Google
 
Web ycopfiles.com

 

 

Privacy

Copyright

About

Contact

Site Map

Blog Frog