Secunia Advisory: SA25819
Release Date: 2007-06-27
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Helix Player 1.x
RealPlayer 10.x
CVE reference: CVE-2007-3410 (Secunia mirror)
Description:
A vulnerability has been reported in RealPlayer and Helix Player, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by a boundary error in the wallclock functionality in "SmilTimeValue::parseWallClockValue()" when handling time formats. This can be exploited to cause a stack-based buffer overflow via an SMIL file with an overly long, specially-crafted time string.
Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website.
The vulnerability is reported in RealPlayer 10.5-GOLD. Other versions may also be affected.
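An added example, not part of the Secunia advisory or of any vendor code: a triage script that scans SMIL text for wallclock() time values and flags those that are oversized or do not match the SMIL wallclock grammar. The 64-character ceiling, the 9-digit fraction limit and the sample file are assumptions constructed for illustration.

```python
import re

# Assumed ceiling: a well-formed SMIL wallclock value such as
# 2007-06-27T12:00:00.000+01:00 is about 30 characters long.
MAX_WALLCLOCK_LEN = 64  # assumption, not a value from the advisory

# Capture everything after "wallclock(" up to the closing paren, or up to
# the end of the attribute value when the paren is missing.
_WALLCLOCK = re.compile(r'wallclock\(\s*([^)"\']*)', re.IGNORECASE)

# Date, time of day, or date "T" time, with optional fraction and zone.
# The 9-digit cap on the fraction is an assumption of this example.
_VALID = re.compile(
    r'^(?:\d{4}-\d{2}-\d{2}(?:T\d{2}:\d{2}(?::\d{2}(?:\.\d{1,9})?)?)?'
    r'|\d{2}:\d{2}(?::\d{2}(?:\.\d{1,9})?)?)'
    r'(?:Z|[+-]\d{2}:\d{2})?$'
)


def audit_smil(text):
    """Return (line_number, reason, value_length) for suspect wallclock values."""
    findings = []
    for m in _WALLCLOCK.finditer(text):
        value = m.group(1).strip()
        line = text.count("\n", 0, m.start()) + 1
        if len(value) > MAX_WALLCLOCK_LEN:
            findings.append((line, "oversized", len(value)))
        elif not _VALID.match(value):
            findings.append((line, "malformed", len(value)))
    return findings


# Constructed sample: one valid value, one oversized, one malformed.
SAMPLE = (
    '<smil><body>\n'
    '<video src="a.rm" begin="wallclock(2007-06-27T12:00:00+01:00)"/>\n'
    '<video src="b.rm" begin="wallclock(' + "1" * 300 + ')"/>\n'
    '<video src="c.rm" end="wallclock(12:00:xx)"/>\n'
    '</body></smil>\n'
)

if __name__ == "__main__":
    for line, reason, length in audit_smil(SAMPLE):
        print(f"line {line}: {reason} wallclock value ({length} chars)")
```

A clean result does not show that an installed player is patched; it only screens files before they reach one.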
Secunia has constructed the Secunia Software Inspector, which you can use to check if your system is vulnerable:
http://secunia.com/software_inspector/
Solution:
Update to the latest version.
http://www.real.com/realplayer.html
Secunia bulletin