   VULNERABILITY NOTES

CERT-In Vulnerability Note CIVN-2005-92
RealPlayer/Helix Player Remote Format String Vulnerability

Original Issue Date: September 27, 2005

Severity Rating: High

Applications Affected

  • Helix Player 1.0.5 Gold and prior (Linux)
  • RealPlayer 10.0.5 Gold and prior (Linux)

Overview

A format string vulnerability has been reported in HelixPlayer/RealPlayer, which could be exploited by malicious attackers to execute arbitrary commands on the affected system.

Description

HelixPlayer/RealPlayer are reported to be vulnerable to a format string error while processing specially crafted ".rp" (RealPix) or ".rt" (RealText) files. This vulnerability could be exploited by malicious remote attackers to execute arbitrary commands on a vulnerable system by tricking users into playing crafted malicious rp/rt files.

Workaround

Do not open untrusted media files.
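
To support the workaround, a triage check that flags .rp/.rt files carrying printf-style conversion specifiers before they reach a player; this is an added example, not CERT-In's or the vendor's code. It assumes only what a format string error requires (conversion specifiers in file-supplied text); the advisory does not name the affected field, and the threshold, function names and sample data are illustrative.

```python
import re
from pathlib import Path

# "%%" is a literal percent sign; otherwise match a printf conversion:
# optional "N$" position, flags, width, precision, length modifier, conversion.
SPEC = re.compile(
    rb"%%|%(?:\d+\$)?[-+ #0]*(?:\d+|\*)?(?:\.(?:\d+|\*))?"
    rb"(?:hh|h|ll|l|j|z|t|L)?([diouxXeEfgGaAcspn])"
)
EXTENSIONS = {".rp", ".rt"}  # file types named in the advisory
MAX_BENIGN = 3               # assumption: tuning threshold, not from the advisory

# Constructed sample inputs (not taken from any real file).
BENIGN = b'<window width="320">\n<font size="+1">Volume at 50%</font>\n</window>\n'
SAMPLE = b"<window>%08x.%08x.%08x.%08x</window>\n"


def triage(data: bytes) -> dict:
    """Count conversion specifiers in file content and decide whether to quarantine."""
    convs = [m.group(1).decode() for m in SPEC.finditer(data) if m.group(1)]
    has_write = "n" in convs  # %n stores to memory; markup has no use for it
    return {
        "specifiers": len(convs),
        "write_specifier": has_write,
        "suspicious": has_write or len(convs) > MAX_BENIGN,
    }


def scan_tree(root: str) -> list:
    """Return (path, report) for every suspicious .rp/.rt file under root."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in EXTENSIONS:
            report = triage(path.read_bytes())
            if report["suspicious"]:
                hits.append((str(path), report))
    return hits


if __name__ == "__main__":
    print(triage(BENIGN))
    print(triage(SAMPLE))
```

This is a heuristic: ordinary text such as "100% done" can match a single specifier, so hits are a reason to quarantine and inspect a file, not proof that it is malicious.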

Vendor Information

Real
www.real.com

References

Secunia
http://secunia.com/advisories/16961/

FrSIRT
http://www.frsirt.com/english/advisories/2005/1855

An open security advisory #13
http://www.open-security.org/advisories/13

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91 11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003