Several vulnerabilities were reported in the RealOne Player that permit a remote user to execute malicious code on a victim's computer.
Two denial of service (DoS) vulnerabilities were discovered in RealOne.
The first involves Synchronized Multimedia Integration Language (SMIL) files. If a file contains a large number of characters in its metadata, it could cause the player to crash.
The second involves long file names for local/rtsp or http URLs. If a user right-clicks in Now Playing and selects 'edit clip info', or right-clicks in Now Playing and selects 'copy to my Library', the player could crash.
The issue causing the most concern is a parsing error in the player code that loads sources within RealFlash presentations. If a buffer overflow is triggered, it may cause malicious code to be executed when the victim views malicious content.
A patch has been issued by the vendor.
Real.com