Intrusion Prevention

RealNetworks.Products.Remote.Buffer.Overflow

Description

This indicates an attack attempt to exploit a buffer-overflow vulnerability in RealNetworks Products.
The vulnerability is caused by an error that occurs when the vulnerable
software handles malformed MP3, RM, SMIL, SWF, RAM and PLS files. A remote attacker may exploit this to execute arbitrary code via a crafted media file.

Affected Products

Real Networks RealPlayer Enterprise
Real Networks RealPlayer 8
Real Networks RealPlayer 10 for Mac OS 10.0 481
Real Networks RealPlayer 10 for Mac OS 10.0 412
Real Networks RealPlayer 10 for Mac OS 10.0 396
Real Networks RealPlayer 10 for Mac OS 10.0 352
Real Networks RealPlayer 10 for Mac OS 10.0.0.331
Real Networks RealPlayer 10 for Mac OS 10.0.0.325
Real Networks RealPlayer 10 for Mac OS 10.0.0.305
Real Networks RealPlayer 10 for Linux 10.0.8
Real Networks RealPlayer 10 for Linux 10.0.7
Real Networks RealPlayer 10 for Linux 10.0.6
Real Networks RealPlayer 10 for Linux 10.0.5
Real Networks RealPlayer 10.5
Real Networks RealPlayer 10.0
+ S.u.S.E. cvsup-16.1h-43.i586.rpm
+ S.u.S.E. Linux Personal 9.3
+ S.u.S.E. Linux Personal 9.2
Real Networks RealOne Player for Mac 0
Real Networks RealOne Player 2.0
Real Networks RealOne Player 1.0
Real Networks Helix Player for Linux 10.0.7
Real Networks Helix Player for Linux 10.0.6
Real Networks Helix Player for Linux 10.0.5
Real Networks Helix Player for Linux 10.0 8

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the patch, available from the following web site:
http://service.real.com/realplayer/security/10252007_player/en/