By Sowhat of Nevis Labs
Date: 2006.03.22
http://www.nevisnetworks.com
http://secway.org/advisory/AD20060322.txt
CVE: CVE-2006-0323
US CERT: VU#231028
Vendor:
RealNetworks Inc.
Products affected:
Windows
RealPlayer 8
RealOne Player & RealOne Player V2
RealPlayer 10
RealPlayer 10.5
Macintosh
RealOne Player
RealPlayer 10
Linux
RealPlayer 10
Overview:
RealPlayer is an application for playing various media formats,
developed by RealNetworks Inc. For more information, visit
http://www.real.com/.
Details:
Multiple vulnerabilities were found in swfformat.dll.
A carefully crafted .swf file may execute arbitrary code or crash
RealPlayer.
By persuading a user to open a specially crafted SWF file with RealPlayer,
a remote attacker may be able to execute arbitrary code.
These vulnerabilities can also be triggered remotely through ActiveX
in IE.
One of the vulnerabilities can be triggered by setting the size of the
SWF file to a value smaller than the actual size.
In fact, multiple holes have been fixed in swfformat.dll.
POC:
No PoC will be released for this.
FIX:
http://service.real.com/realplayer/security/03162006_player/en/
Vendor Response:
2005.10.07 Vendor notified via email
2005.10.07 Vendor responded
2005.03.22 Patch released
2006.04.11 Advisory released
Common Vulnerabilities and Exposures (CVE) Information:
The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues. These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.
CVE-2006-0323
Greetings to Paul Gese (at) real (dot) com, Chi, OYXin, Narasimha Datta and all
Nevis Labs guys.
References:
1. http://service.real.com/realplayer/security/03162006_player/en/
2. http://www.kb.cert.org/vuls/id/231028
3. http://www.macromedia.com/licensing/developer/fileformat/faq/
4. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0323
5. http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml
6. http://www.novell.com/linux/security/advisories/2006_18_realplayer.html
7. http://secunia.com/advisories/19358/
--
Sowhat
http://secway.org
"Life is like a bug, Do you know how to exploit it ?"
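
The Details section says one of the flaws is reached when the SWF file's size is set smaller than the actual size. As an added example (not part of the original advisory and not RealNetworks' fix), this Python check flags files whose declared length disagrees with the real size, for both FWS and zlib-compressed CWS files. It assumes "size" means the FileLength field of the SWF header; `check_swf_length`, `make_sample` and the 64 MiB cap are names and values chosen for this example.

```python
import struct
import zlib

HEADER_LEN = 8            # signature (3) + version (1) + FileLength (4, LE)
MAX_BODY = 64 * 1024**2   # assumed cap on decompressed size, bounds memory use

def check_swf_length(data: bytes) -> str:
    """Compare the header's declared FileLength with the real size."""
    if len(data) < HEADER_LEN:
        return "truncated-header"
    sig, _version, declared = struct.unpack("<3sBI", data[:HEADER_LEN])
    if sig == b"FWS":                       # uncompressed SWF
        actual = len(data)
    elif sig == b"CWS":                     # zlib-compressed after the header
        d = zlib.decompressobj()
        try:
            body = d.decompress(data[HEADER_LEN:], MAX_BODY + 1)
        except zlib.error:
            return "bad-zlib-stream"
        if len(body) > MAX_BODY:
            return "too-large"
        if not d.eof:                       # stream ended before zlib trailer
            return "bad-zlib-stream"
        actual = HEADER_LEN + len(body)     # FileLength counts decompressed bytes
    else:
        return "not-swf"
    if declared < actual:
        return "declared-smaller-than-actual"   # the condition the advisory names
    if declared > actual:
        return "declared-larger-than-actual"
    return "ok"

def make_sample(declared: int, compressed: bool = False) -> bytes:
    """Constructed test input: valid header plus 32 zero bytes of dummy body."""
    body = bytes(32)
    payload = zlib.compress(body) if compressed else body
    sig = b"CWS" if compressed else b"FWS"
    return struct.pack("<3sBI", sig, 6, declared) + payload

if __name__ == "__main__":
    for name, blob in [("consistent", make_sample(40)),
                       ("understated", make_sample(20)),
                       ("understated-cws", make_sample(20, compressed=True))]:
        print(name, "->", check_swf_length(blob))
```

A mail or web gateway can run a check like this on `.swf` attachments and downloads and quarantine anything that does not return `ok`, which is useful on hosts where the vendor patch has not yet been applied.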