Realplayer .SWF Multiple Remote Memory Corruption Vulnerabilities

2006-04-11 / 2006-04-12
Credit: Sowhat
Risk: High
Local: Yes
Remote: Yes
CWE: CWE-119


CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Realplayer .SWF Multiple Remote Memory Corruption Vulnerabilities

By Sowhat of Nevis Labs
Date: 2006.03.22

http://www.nevisnetworks.com
http://secway.org/advisory/AD20060322.txt

CVE: CVE-2006-0323
US CERT: VU#231028

Vendor
RealNetworks Inc.

Products affected:

Windows
RealPlayer 8
RealOne Player & RealOne Player V2
RealPlayer 10
RealPlayer 10.5

Macintosh
RealOne Player
RealPlayer 10

Linux
RealPlayer 10

Overview:

RealPlayer is an application for playing various media formats, developed by RealNetworks Inc. For more information, visit http://www.real.com/.

Details:

There are multiple vulnerabilities found in swfformat.dll. A carefully crafted .swf file may execute arbitrary code or crash the RealPlayer.

By persuading a user to access a specially crafted SWF file with RealPlayer, a remote attacker may be able to execute arbitrary code. And also, these vulnerabilities can be triggered remotely through ActiveX in IE.

By setting the size of SWF files to a value smaller than the actual size, you can trigger one of the vulnerabilities.

Actually, there are multiple holes that have been fixed in swfformat.dll.

POC:

No PoC will be released for this.

FIX:

http://service.real.com/realplayer/security/03162006_player/en/

Vendor Response:

2005.10.07 Vendor notified via email
2005.10.07 Vendor responded
2005.03.22 Patch released
2006.04.11 Advisory released

Common Vulnerabilities and Exposures (CVE) Information:

The Common Vulnerabilities and Exposures (CVE) project has assigned the following names to these issues. These are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.

CVE-2006-0323

Greetings to Paul Gese (at) real (dot) com [email concealed], Chi, OYXin, Narasimha Datta and all Nevis Labs guys.

References:

1. http://service.real.com/realplayer/security/03162006_player/en/
2. http://www.kb.cert.org/vuls/id/231028
3. http://www.macromedia.com/licensing/developer/fileformat/faq/
4. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0323
5. http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml
6. http://www.novell.com/linux/security/advisories/2006_18_realplayer.html
7. http://secunia.com/advisories/19358/

--
Sowhat
http://secway.org
"Life is like a bug, Do you know how to exploit it ?"
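The Details section says one of the flaws is reached when the size recorded in the SWF file is smaller than the file's actual size. As an added example (not part of the advisory, and not RealNetworks or Nevis Labs code), the Python check below compares the header's FileLength field with the real length for uncompressed (FWS) and zlib-compressed (CWS) files, as a mail or web gateway filter could before a player ever parses the file. The verdict strings and the 64 MiB cap are assumptions of this example.

```python
import struct
import sys
import zlib

HEADER_LEN = 8        # signature (3) + version (1) + FileLength (uint32, little-endian)
MAX_SWF = 64 << 20    # assumed policy cap on the declared size, not from the advisory

def actual_length(data: bytes, declared: int) -> int:
    """Uncompressed file length, measured no further than one byte past `declared`."""
    if data[:3] == b"FWS":
        return len(data)
    # CWS: everything after the 8-byte header is one zlib stream. Inflate at most
    # one byte more than the header promises, so an oversized stream is detected
    # without buffering all of it.
    limit = max(declared - HEADER_LEN, 0) + 1
    body = zlib.decompressobj().decompress(data[HEADER_LEN:], limit)
    return HEADER_LEN + len(body)

def check_swf_length(data: bytes) -> str:
    """Compare the header's FileLength with the real length and return a verdict."""
    if data[:3] not in (b"FWS", b"CWS"):
        return "not-swf"
    if len(data) < HEADER_LEN:
        return "truncated-header"
    declared = struct.unpack_from("<I", data, 4)[0]
    if declared > MAX_SWF:
        return "over-cap"
    try:
        actual = actual_length(data, declared)
    except zlib.error:
        return "bad-zlib"
    if declared < actual:
        return "declared-too-small"   # the condition the advisory describes
    if declared > actual:
        return "declared-too-large"   # truncated file or inflated length field
    return "ok"

if __name__ == "__main__":
    # With no arguments, run on a constructed 24-byte buffer whose header claims 16.
    demo = b"FWS\x05" + struct.pack("<I", 16) + bytes(16)
    if len(sys.argv) == 1:
        print(check_swf_length(demo))
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(f"{check_swf_length(fh.read()):20} {path}")
```

Anything other than `ok` or `not-swf` is worth quarantining or logging; the check does not replace installing the vendor fix listed under FIX.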


Copyright 2024, cxsecurity.com

 
