October 28, 2004 12:00 AM

Arbitrary Code Execution Vulnerability in RealPlayer

Windows IT Pro
InstantDoc ID #44359

Reported October 28, 2004, by eEye Digital Security

VERSIONS AFFECTED

  • RealPlayer 10.5 (6.0.12.1053 and earlier)
  • RealPlayer 10
  • RealOne Player versions 1 and 2

 

DESCRIPTION
A vulnerability in RealPlayer could result in the remote execution of arbitrary code on the vulnerable system. When an .rjs file containing a long filename (longer than about 0x8000 bytes) is opened, either in RealPlayer or through a Web browser, a stack-based buffer overflow occurs, allowing an exception-handler record to be overwritten and the instruction pointer (EIP) to be hijacked.
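
An added example, not part of the original advisory or any vendor tool: a heuristic pre-screen that flags .rjs files declaring an oversized embedded filename, for use at a mail or web gateway or during triage. It assumes the .rjs skin file is a ZIP container (the page does not say so); `NAME_LIMIT`, `oversized_names` and `sample_header` are hypothetical names, and the sample bytes are constructed header fragments, not complete archives.

```python
import struct

# The advisory gives the trigger as a filename "larger than about 0x8000 bytes".
# "About" is imprecise, so flag well below it. Hypothetical policy value.
NAME_LIMIT = 0x1000

# ZIP header kinds: signature, struct layout, offset of the 16-bit name length.
LOCAL = ("local", b"PK\x03\x04", "<4s5H3L2H", 26)
CENTRAL = ("central", b"PK\x01\x02", "<4s6H3L5H2L", 28)


def oversized_names(data, limit=NAME_LIMIT):
    """Return sorted [(offset, kind, declared_name_length)] for every ZIP
    header in `data` whose declared filename length is >= limit.

    Heuristic: a signature can also occur inside compressed data, so treat
    hits as candidates for triage, not as proof."""
    hits = []
    for kind, sig, _layout, len_off in (LOCAL, CENTRAL):
        pos = data.find(sig)
        while pos != -1:
            field = pos + len_off
            if field + 2 <= len(data):  # skip headers truncated before the field
                (name_len,) = struct.unpack_from("<H", data, field)
                if name_len >= limit:
                    hits.append((pos, kind, name_len))
            pos = data.find(sig, pos + 4)
    return sorted(hits)


def sample_header(header, name_len):
    """Constructed sample: a fixed-size ZIP header with only the name-length
    field set. No filename bytes follow it."""
    _kind, sig, layout, len_off = header
    raw = bytearray(struct.calcsize(layout))
    raw[0:4] = sig
    struct.pack_into("<H", raw, len_off, name_len)
    return bytes(raw)


if __name__ == "__main__":
    benign = sample_header(LOCAL, 12) + sample_header(CENTRAL, 12)
    suspect = sample_header(LOCAL, 0x8001) + sample_header(CENTRAL, 0x8001)
    print("benign :", oversized_names(benign))
    print("suspect:", oversized_names(suspect))
```
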

VENDOR RESPONSE
The author, RealNetworks, has released a patch (available via the Check for Update menu item under Tools on the RealPlayer menu bar) to address this vulnerability.

CREDIT
Discovered by eEye Digital Security.
