| VID |
28088 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
RealOne Player / RealPlayer has multiple remote buffer overflow vulnerabilities. RealOne / RealPlayer is one of the most widely used products for internet media delivery. Multiple buffer overflow vulnerabilities have been discovered in RealOne Player, the most serious of which can potentially be exploited by remote attackers to compromise a vulnerable system. A vulnerability in default installations of the affected software could allow malicious code to be executed with little user interaction. If a browser is forced to a website containing such a file, code could be executed on the target machine in the context of the logged-on user; alternatively, the end user would be required to open the attachment.
* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check will not be performed, resulting in a false negative for all vulnerable hosts.
* References: http://www.eeye.com/html/research/upcoming/20040811.html http://www.securitytracker.com/alerts/2004/Aug/1010931.html
* Platforms Affected: Real Networks RealOne Player 6.0.11 .872; Real Networks RealOne Player 6.0.11 .868; Real Networks RealOne Player 6.0.11 .853; Real Networks RealOne Player 6.0.11 .841; Real Networks RealOne Player 6.0.11 .830; Real Networks RealOne Player 6.0.11 .818; Real Networks RealOne Player Gold for Windows 6.0.10 .505; Microsoft Windows Any version |
| Recommendation |
No upgrade or patch available as of September 2004.
When a fixed version becomes available, it can be applied via the "Check for Update" feature. For RealOne Player, RealOne Player v2 (localized languages) and RealPlayer 10 Beta:
1. In the Tools menu, select Check for Update.
2. Select the box next to the "RealPlayer 10" (English) or "RealOne Player" (localized) component.
3. Click the Install button to download and install the update. |
| Related URL |
(CVE) |
| Related URL |
10934 (SecurityFocus) |
| Related URL |
(ISS) |
|