• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

RealOne Player SMIL File Heap Corruption Vulnerability

A buffer overrun has been discovered in RealPlayer/RealOne Player.

By constructing a malicious Synchronized Multimedia Integration Language (SMIL) file, it may be possible to trigger the overrun. Successful exploitation of this issue will result in heap corruption, which may allow for the execution of attacker-supplied code.

** Reports indicate that the patch for this issue supplied by Real Networks does not correct the problem.