RealPlayer/RealOne/HelixPlayer Multiple Buffer Overflows

Posted on Friday, October 26, 2007 @ 21:27:14 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA27361

VERIFY ADVISORY: http://secunia.com/advisories/27361/

CRITICAL: Highly critical

IMPACT: System access

WHERE: >From remote

SOFTWARE:
RealPlayer 10.x - http://secunia.com/product/2968/
RealPlayer Enterprise 1.x - http://secunia.com/product/3342/
RealOne Player 1.x - http://secunia.com/product/666/
RealOne Player 2.x - http://secunia.com/product/2378/
Helix Player 1.x - http://secunia.com/product/3970/

DESCRIPTION: Multiple vulnerabilities have been reported in RealPlayer/RealOne/HelixPlayer, which can be exploited by malicious people to compromise a user's system.

The vulnerabilities are caused due to boundary errors when processing various media and playlist files (e.g. mp3, rm, SMIL, swf, ram, pls) and can be exploited to cause heap-based and stack-based buffer overflows via specially-crafted files.

The following products are affected by one or all vulnerabilities (see vendor's advisory for details):
* RealPlayer 10.5 (6.0.12.1040-6.0.12.1578, 6.0.12.1698, 6.0.12.1741)
* RealPlayer 10
* RealOne Player v2
* RealOne Player v1
* RealPlayer 8
* RealPlayer Enterprise
* Mac RealPlayer 10.1 (10.0.0. 481)
* Mac RealPlayer 10.1 (10.0.0.396 - 10.0.0.412)
* Mac RealPlayer 10 (10.0.0.352)
* Mac RealPlayer 10 (10.0.0.305 - 331)
* Mac RealOne Player
* Linux RealPlayer 10 (10.0.5 - 10.0.8)
* Helix Player (10.0.5 - 10.0.8)

SOLUTION: Update to the latest versions. Please see the vendor's advisory for details. http://service.real.com/realplayer/security/10252007_player/en/

PROVIDED AND/OR DISCOVERED BY: The vendor credits:
* John Heasman, NGS Software
* Piotr Bania
* Anonymous researchers, reported via ZDI

ORIGINAL ADVISORY: RealNetworks: http://service.real.com/realplayer/security/10252007_player/en/