RealNetwork.RealPlayer.ierpplug.dll.Playlist.Buffer.Overflow

Description

RealPlayer is a cross-platform media player by RealNetworks that plays a number of multimedia formats including MP3, MPEG-4, QuickTime, Windows Media, and multiple versions of proprietary RealAudio and RealVideo formats.
RealNetworks has issued a fix for a vulnerability in which a malicious web page abuses the import method of an ActiveX control to cause a stack overflow in RealPlayer (CVE-2007-5601). This posting is applicable to versions of the product downloaded before October 25th, 2007.
Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta, and earlier versions including 10, RealOne Player, and RealOne Player 2, allows remote attackers to execute arbitrary code via certain playlist names, as demonstrated via the import method to the IERPCtl ActiveX control in ierpplug.dll.

Affected Products

Real Networks RealPlayer 10.5
Real Networks RealPlayer 10.0
Real Networks RealPlayer 11 Beta

Impact

Attackers can exploit this issue to execute arbitrary code in the context of the application using the affected control (typically Internet Explorer). Successful attacks can compromise the application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

Recommended Actions

RealPlayer 10.5 and RealPlayer 11 beta users should install the patch per the instructions below to address this security vulnerability, a buffer overflow that could allow an attacker to run arbitrary or malicious code on a user's PC.
RealOne Player, RealOne Player v2 and RealPlayer 10 users should upgrade immediately to RealPlayer 10.5 or RealPlayer 11 beta following the instructions below.
* For Windows XP, Windows 2000, Windows 98, Windows ME:
  patch for RealPlayer 10.5 and RealPlayer 11 beta:
  patch for RealOne Player and RealPlayer 10:
* For Windows Vista:
  download a new player from the web: http://www.real.com/player
Macintosh and Linux versions of RealPlayer are not at risk for this vulnerability. In addition, RealPlayer 8 and earlier versions of RealNetworks software for Windows are not affected. We are committed to providing our customers with timely and comprehensive information about our software. As such, we encourage users to check this site periodically for the latest updates.
For FortiGate users, turning on these IPS signatures can prevent exploitation of this vulnerability:
RealPlayer.ierpplug.dll.Playlist.Name.Buffer.Overflow

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

| Date | Version | Detail |
|------|---------|--------|
| 2023-08-10 | 25.619 | Sig Added |
| 2023-07-31 | 25.611 | Name:RealPlayer.ierpplug.dll.Playlist.Name.Buffer.Overflow:RealNetwork.RealPlayer.ierpplug.dll.Playlist.Buffer.Overflow |