RealPlayer/Helix Player SMIL wallclock Buffer Overflow Vulnerability

ERCOLINO

Membro dello Staff
Amministratore
Registrato
3 Marzo 2003
Messaggi
252.592
Località
Torino
Secunia Advisory: SA25819
Release Date: 2007-06-27

Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

Software: Helix Player 1.x
RealPlayer 10.x

CVE reference: CVE-2007-3410 (Secunia mirror)




Description:
A vulnerability has been reported in RealPlayer and Helix Player, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the wallclock functionality in "SmilTimeValue::parseWallClockValue()" when handling time formats. This can be exploited to cause a stack-based buffer overflow via an SMIL file with an overly long, specially-crafted time string.

Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website.

The vulnerability is reported in RealPlayer 10.5-GOLD. Other versions may also be affected.

Secunia has constructed the Secunia Software Inspector, which you can use to check if your system is vulnerable:
http://secunia.com/software_inspector/

Solution:
Update to the latest version.

http://www.real.com/realplayer.html



Bollettino Secunia
 
Indietro
Alto Basso