[PCWorks] RealPlayer IVR File Processing Two Vulnerabilities

  • From: Peter Kaulback <peter@xxxxxxxxxxxxxxxxx>
  • To: pcworks <pcworks@xxxxxxxxxxxxx>
  • Date: Tue, 10 Feb 2009 10:51:37 -0500

RealPlayer IVR File Processing Two Vulnerabilities
Secunia Advisory:       SA33810         

Release Date:   2009-02-10

Critical:       Highly critical

Impact:         DoS, System access

Where:  From remote

Solution Status:        Vendor Patch

Software:       RealPlayer 11.x

CVE reference:  CVE-2009-0375, CVE-2009-0376


Description:
Some vulnerabilities have been reported in RealPlayer, which can be 
exploited by malicious people to compromise a vulnerable system.

1) An input validation error within the processing of Internet Video 
Recording (IVR) files can be exploited to cause a memory corruption when 
a specially crafted IVR file is viewed.

2) An unspecified error within the processing of IVR files can be 
exploited to write a NULL-byte to an arbitrary memory address via an 
overly long file name length value within a specially crafted IVR file.

Successful exploitation potentially allows execution of arbitrary code 
e.g. when a user visits a malicious web page.

Solution:
According to the reporter this is fixed in the latest version of 
RealPlayer 11.

Provided and/or discovered by:
Haifei Li, Fortinet's FortiGuard Global Security Research Team

Original Advisory:
http://www.fortiguardcenter.com/advisory/FGA-2009-04.html
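
Item 2 of the advisory is an instance of a general bug class: a length field read from a file is used as the index for a string terminator without being checked. The C below is an added example of that class with a checked parser beside it, not code from RealPlayer, Secunia or Fortinet. The record layout, function names and sample bytes are constructed for illustration, since the advisory does not describe the IVR format or the faulty code.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record for illustration only (not the real IVR layout):
   4-byte little-endian name length, followed by the name bytes. */
static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Unsafe pattern, shown for contrast and never called: the copy is clamped,
   but the terminator is placed with the raw, file-supplied length. */
void parse_name_unchecked(const uint8_t *rec, char *out, size_t out_cap) {
    uint32_t len = read_le32(rec);
    size_t n = len < out_cap ? len : out_cap - 1;
    memcpy(out, rec + 4, n);
    out[len] = '\0';            /* out-of-bounds NUL write when len >= out_cap */
}

/* Checked form: returns 0 on success, -1 if the record is rejected. */
int parse_name_checked(const uint8_t *rec, size_t rec_len,
                       char *out, size_t out_cap) {
    if (rec_len < 4 || out_cap == 0) return -1;
    uint32_t len = read_le32(rec);
    if (len > rec_len - 4) return -1;  /* claims more bytes than the input holds */
    if (len >= out_cap) return -1;     /* no room for the name plus terminator */
    memcpy(out, rec + 4, len);
    out[len] = '\0';                   /* index proven < out_cap above */
    return 0;
}

int main(void) {
    /* Constructed sample inputs. */
    const uint8_t ok[]  = {3, 0, 0, 0, 'a', 'b', 'c'};
    const uint8_t bad[] = {0xff, 0xff, 0xff, 0x7f, 'a'};  /* length 0x7fffffff */
    char name[16] = "";
    int r = parse_name_checked(ok, sizeof ok, name, sizeof name);
    printf("ok record:  rc=%d name=\"%s\"\n", r, name);
    r = parse_name_checked(bad, sizeof bad, name, sizeof name);
    printf("bad record: rc=%d (name left as \"%s\")\n", r, name);
    return 0;
}
```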