2/4/2004
Name: RealPlayer & RealOne Player Buffer Overruns
Systems Affected
Severity: High Risk
Vendor URL: http://www.real.com/

Description
***********
RealOne / RealPlayer is one of the most widely used products for internet media delivery.
There are currently in excess of 200 million users worlwide
of these products.
Details
*******
By crafting malformed .RP, .RT, .RAM, .RPM& .SMIL files it is possible to cause heap and stack based overruns in RealPlayer / RealOne Player.

By forcing a browser to a website containing such a file, code could be exectued on the target machine running in the context of the logged on user, alternatively the end user would be required to open the attachment (except
in the case of the .RPM file)
Fix Information
***************
REAL have supplied a patch for this and other problems discovered by Jouko Pynnönen and can be downloaded from REAL's website.
Detailed below is REAL's instruction listed in their own advisory found at:
http://service.real.com/help/faq/security/040123_player/EN/
to remediate these issues.
RealOne Player, RealOne Player v2 (localized languages) and RealPlayer 10 Beta customers please use the
following steps to update your Player:
*
In the Tools menu select Check for Update.
*
Select the box next to the "RealPlayer 10" (English) or "RealOne Player"
(localized) component.
*
Click the Install button to download and install the update.
RealPlayer 8 (version 6.0.9.584):
*
Go to the Help menu.
*
Select "Check for Update".
*
Select the box next to the "RealPlayer 10" (English) or "RealOne Player"
(localized) component.
*
Click the Install button to download and install the update.

Connect with us or request a quote.

WEBPRO
Since 1994, WEBPRO has perfected Front Page Marketing that drives more qualified traffic!









Business or Industry:
Geography:
Package:
Submit Message