SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   RealOne (RealPlayer) Vendors:   RealNetworks
RealPlayer 'embd3260.dll' Heap Overflow Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1010396
SecurityTracker URL:  http://securitytracker.com/id/1010396
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Jun 11 2004
Original Entry Date:  Jun 4 2004
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): RealPlayer 8 (all languages), RealPlayer 10 (English, German and Japanese), RealPlayer Enterprise (all versions, standalone and "as configured" by the RealPlayer Enterprise Manager), RealOne Player (English), RealOne Player v2 (all languages)
Description:   A vulnerability was reported in RealPlayer in 'embd3260.dll'. A remote user can execute arbitrary code on the target system.

eEye Digital Security reported that a remote user can cause arbitrary code to be executed by the target user's RealPlayer "with little user interaction." Default installations are affected, the report said.

It is reported that a remote user can create a specially crafted movie file and an HTML file that, when loaded by the target user, will cause arbitrary code to be executed on the target user's computer. The code will run with the privileges of the target user.

The flaw is reportedly triggered in embd3260.dll by an error message in the following form:

"mem://[address]/[movie file name]"

The software does not properly calculate the size of the buffer intended to hold the error message, the report said.

The vendor was reportedly notified on May 14, 2004.

The full advisory is available at:

http://www.eeye.com/html/research/advisories/AD20040610.html

Impact:   A remote user can cause the player to execute arbitrary code with the privileges of the target user.
Solution:   RealNetworks has issued a fix, described at:

http://www.service.real.com/help/faq/security/040610_player/EN/

For RealOne Player, RealOne Player v2 (all languages) and RealPlayer 10 (English, German, Japanese only), the vendor has provided the following steps to update your Player [quoted]:

1. In the Tools menu select Check for Update.
2. Select the box next to the "Security Update - June 2004" component.
3. Click Install to download and install the update.

For RealPlayer 8 (version 6.0.9.584), there is no fix. The vendor recommends that you upgrade to RealPlayer 10 as follows [quoted]:

1. Go to the Help menu.
2. Select Check for Update.
3. Select the box next to the "RealPlayer 10" (English, German, or Japanese) or "RealOne Player" (other languages) component.
4. Click Install to download and install the update.
5. Then, follow steps outlined above for RealPlayer 10 to add any additional security fixes.

For RealPlayer Enterprise Solution, the vendor indicates that you should contact your Technical Account Manager or RealNetworks Customer Support:

http://service.real.com/helix/

Vendor URL:  www.service.real.com/help/faq/security/040610_player/EN/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  http://www.eeye.com/html/Research/Upcoming/20040514.html


http://www.eeye.com/html/Research/Upcoming/20040514.html

 > EEYEB-20040514

eEye Digital Security reported a vulnerability in RealPlayer.  A remote user can cause 
arbitrary code to be executed "with little user interaction."

Default installations are affected.

No further details were provided pending vendor notification and correction.

The vendor was reportedly notified on May 14, 2004.

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC