| Poll | |
What would you like to see on SecurityTeamUS?
96 votes | 0 comments
| |
| Events | |
|
There are no upcoming events | |
|
| |
RealPlayer/RealOne "DUNZIP32.dll" Buffer Overflow Vulnerability |
|
Wednesday, October 27 2004 @ 04:20 PM EDT
|
 eEye Digital Security has reported a vulnerability in RealPlayer and RealOne,
which potentially can be exploited by malicious people to compromise a user's
system.
The vulnerability is caused due to a boundary error in a 3rd-party compression
library (DUNZIP32.dll) when processing skin files. This can be exploited to
cause a buffer overflow via a specially crafted skin file.
Successful exploitation allows execution of arbitrary code.
The vulnerability affects the following versions:
* RealPlayer 10.5 (prior to build 6.0.12.1056)
* RealPlayer 10
* RealOne Player v2
* RealOne Player v1
SOFTWARE:
RealOne Player v1
RealOne Player v2
RealPlayer 10.x
SOLUTION:
Fixes are available via the "Check for Update" feature.
PROVIDED AND/OR DISCOVERED BY:
eEye Digital Security
ORIGINAL ADVISORY:
RealNetworks:
http://www.service.real.com/help/faq/security/041026_player/EN/
|
|
|
Contribute :
Advanced Search :
Web Resources :
Polls :
File Repository
