SecurityTracker: RealPlayer Flaws May Let Remote Users Execute Arbitrary Code or Delete Known Files

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Multimedia) > RealOne (RealPlayer)

Vendors: RealNetworks

RealPlayer Flaws May Let Remote Users Execute Arbitrary Code or Delete Known Files

SecurityTracker Alert ID: 1011449

SecurityTracker URL: http://securitytracker.com/id/1011449

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Sep 29 2004

Impact: Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): prior to 10.5 (6.0.12.1016)

Description: Several vulnerabilities were reported in RealPlayer. A remote user can execute arbitrary code on the target user's system.

RealNetworks reported that a remote user create a specially crafted RM file that, when played by the target user from the local file system, will execute arbitrary code on the target user's system.

A remote user can create a specially crafted web page to trigger a flaw in the embedded Player and execute arbitrary code on the target user's system.

A remote user can create a specially crafted web page and media file that, when loaded by the target user, will cause a specified file to be deleted on the target user's system.

RealPlayer 10.5 Beta (6.0.12.1016), RealPlayer 10, and RealOne Player v1 and v2 are affected. RealPlayer 8 and RealPlayer Enterprise are affected by the first vulnerability (malformed RM file).

For Macintosh, RealPlayer 10 and RealOne Player are affected by the first vulnerability.

For Linux, RealPlayer 10 and the Helix Player are affected by the first vulnerability.

The vendor credits John Heasman, Marc Maiffret, and other unnamed contributors with reporting these vulnerabilities.

[Editor's note: It appears that one of these vulnerabilities was previously reported in Alert ID 1010931 in August 2004.]

Impact: A remote user can execute arbitrary code on the target user's system with the privileges of the target user.

A remote user can cause a specified file on the target user's system to be deleted.

Solution: The vendor has released a fixed version (RealPlayer 10.5 (6.0.12.1053)).

Windows-based users can obtain the update via the "Tools, Check for Update" menu by selecting to install the "RealPlayer 10.5 with Harmony Technology" component.

For RealPlayer Enterprise, a patch is available at:

http://www.realnetworks.com/info/rpem-rpe-1.7/index.html

For RealOne Player for Mac OS X 10.2 and later, an upgrade is available at:

http://www.real.com/upgrade/mac_upgrade.html

For Mac OS X 10.1, an upgrade is available at:

http://forms.real.com/real/player/blackjack.html

For Linux, an update is available at:

http://www.real.com/linux

An updated Helix Player for Linux is available at:

http://player.helixcommunity.org/downloads/

Vendor URL: www.service.real.com/help/faq/security/040928_player/ (Links to External Site)

Cause: Access control error, Boundary error, State error

Underlying OS: Linux (Any), UNIX (OS X), Windows (Any)

Message History: None.

Source Message Contents

Date: Tue, 28 Sep 2004 20:24:06 -0400
Subject: http://www.service.real.com/help/faq/security/040928_player/



RealNetworks reported three vulnerabilities in RealPlayer.  A remote user can
execute arbitrary code on a target user's system.

A remote user create a specially crafted RM file that, when played by the target 
user from the local file system, will execute arbitrary code on the target user's
system.

A remote user can create a specially crafted web page to trigger a flaw in the
embedded Player and execute arbitrary code on the target user's system.

A remote user can create a specially crafted web page and media file that, when 
loaded by the target user, will cause a specified file to be deleted on the target
user's system.

The vendor credits John Heasman, Marc Maiffret, and other unnamed contributors 
with reporting these vulnerabilities.


The vendor has released a fixed version (RealPlayer 10.5 (6.0.12.1053)).

RealPlayer 10.5 Beta (6.0.12.1016), RealPlayer 10, and RealOne Player v1 and v2 	
are affected.  RealPlayer 8 and RealPlayer Enterprise are affected by the first 
vulnerability (malformed RM file).

For Macintosh, RealPlayer 10 and RealOne Player are affected by the first
vulnerability.

For Linux, RealPlayer 10 and the Helix Player are affected by the first vulnerability.

Windows-based users can obtain the update via the "Tools, Check for Update" menu 
by selecting to install the "RealPlayer 10.5 with Harmony™ Technology" component.


For RealPlayer Enterprise, a patch is available at:

http://www.realnetworks.com/info/rpem-rpe-1.7/index.html

For RealOne Player for Mac OS X 10.2 and later, an upgrade is available at:

http://www.real.com/upgrade/mac_upgrade.html

For Mac OS X 10.1, an upgrade is available at:

http://forms.real.com/real/player/blackjack.html

For Linux, an update is available at:

http://www.real.com/linux

An updated Helix Player for Linux is available at:

http://player.helixcommunity.org/downloads/

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2012, SecurityGlobal.net LLC