RealPlayer 'embd3260.dll' Heap Overflow Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1010396
|
|
SecurityTracker URL: http://securitytracker.com/id?1010396
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Updated: Jun 11 2004
|
Original Entry Date: Jun 4 2004
|
Impact: Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: eEye Digital Security
|
Version(s): RealPlayer 8 (all languages), RealPlayer 10 (English, German and Japanese), RealPlayer Enterprise (all versions, standalone and "as configured" by the RealPlayer Enterprise Manager), RealOne Player (English), RealOne Player v2 (all languages)
|
Description: A vulnerability was reported in RealPlayer in 'embd3260.dll'. A remote user can execute arbitrary code on the target system.
eEye Digital Security reported that a remote user can cause arbitrary code to be executed by the target user's RealPlayer "with little
user interaction." Default installations are affected, the report said.
It is reported that a remote user can create a specially
crafted movie file and an HTML file that, when loaded by the target user, will cause arbitrary code to be executed on the target
user's computer. The code will run with the privileges of the target user.
The flaw is reportedly triggered in embd3260.dll
by an error message in the following form:
"mem://[address]/[movie file name]"
The software does not properly calculate the
size of the buffer intended to hold the error message, the report said.
The vendor was reportedly notified on May 14, 2004.
The
full advisory is available at:
http://www.eeye.com/html/research/advisories/AD20040610.html
|
Impact: A remote user can cause the player to execute arbitrary code with the privileges of the target user.
|
Solution: RealNetworks has issued a fix, described at:
http://www.service.real.com/help/faq/security/040610_player/EN/
For RealOne Player,
RealOne Player v2 (all languages) and RealPlayer 10 (English, German, Japanese only), the vendor has provided the following steps
to update your Player [quoted]:
1. In the Tools menu select Check for Update.
2. Select the box next to the "Security Update
- June 2004" component.
3. Click Install to download and install the update.
For RealPlayer 8 (version 6.0.9.584), there is
no fix. The vendor recommends that you upgrade to RealPlayer 10 as follows [quoted]:
1. Go to the Help menu.
2. Select Check
for Update.
3. Select the box next to the "RealPlayer 10" (English, German, or Japanese) or "RealOne Player" (other languages)
component.
4. Click Install to download and install the update.
5. Then, follow steps outlined above for RealPlayer 10 to add
any additional security fixes.
For RealPlayer Enterprise Solution, the vendor indicates that you should contact your Technical
Account Manager or RealNetworks Customer Support:
http://service.real.com/helix/
|
Vendor URL: www.service.real.com/help/faq/security/040610_player/EN/ (Links to External Site)
|
Cause: Boundary error
|
Underlying OS: Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 04 Jun 2004 09:01:13 -0400
Subject: http://www.eeye.com/html/Research/Upcoming/20040514.html
|
http://www.eeye.com/html/Research/Upcoming/20040514.html
> EEYEB-20040514
eEye Digital Security reported a vulnerability in RealPlayer. A remote user can cause
arbitrary code to be executed "with little user interaction."
Default installations are affected.
No further details were provided pending vendor notification and correction.
The vendor was reportedly notified on May 14, 2004.
|
|
