GLSA Advocate
Posted: Thu Sep 04, 2008 10:26 pm
Post subject: [ GLSA 200809-03 ] RealPlayer: Buffer overflow
Gentoo Linux Security Advisory
Title: RealPlayer: Buffer overflow (GLSA 200809-03)
Severity: normal
Exploitable: remote
Date: September 04, 2008
Bug(s): #232997
ID: 200809-03
Synopsis
RealPlayer is vulnerable to a buffer overflow allowing for the execution of arbitrary code.
Background
RealPlayer is a multimedia player capable of handling multiple multimedia file formats.
Affected Packages
Package: media-video/realplayer
Vulnerable: < 11.0.0.4028-r1
Unaffected: >= 11.0.0.4028-r1
Architectures: All supported architectures
Description
Dyon Balding of Secunia Research reported an unspecified heap-based buffer overflow in the Shockwave Flash (SWF) frame handling.
Impact
By enticing a user to open a specially crafted SWF (Shockwave Flash) file, a remote attacker could execute arbitrary code with the privileges of the user running the application.
Workaround
There is no known workaround at this time.
Resolution
All RealPlayer users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/realplayer-11.0.0.4028-r1"
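To confirm whether a host falls in the affected range, before or after the upgrade, the following added example (not part of the advisory or of Portage) classifies installed media-video/realplayer versions against the fixed version given above. It assumes the installed-package database is at /var/db/pkg and handles only dotted numeric versions with an optional -rN revision; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify media-video/realplayer versions against GLSA 200809-03.
FIXED="11.0.0.4028-r1"   # first unaffected version, taken from the advisory

# ver_lt A B: succeed if A < B. Assumption: versions are dotted numbers with an
# optional -rN revision (a simplification of Gentoo's full version rules).
ver_lt() {
    a_ver=${1%-r[0-9]*}; b_ver=${2%-r[0-9]*}
    a_rev=0; b_rev=0
    case $1 in *-r[0-9]*) a_rev=${1##*-r} ;; esac
    case $2 in *-r[0-9]*) b_rev=${2##*-r} ;; esac
    # Compare component by component; a missing component counts as 0.
    while [ -n "$a_ver" ] || [ -n "$b_ver" ]; do
        a=${a_ver%%.*}; b=${b_ver%%.*}
        [ "${a:-0}" -lt "${b:-0}" ] && return 0
        [ "${a:-0}" -gt "${b:-0}" ] && return 1
        case $a_ver in *.*) a_ver=${a_ver#*.} ;; *) a_ver= ;; esac
        case $b_ver in *.*) b_ver=${b_ver#*.} ;; *) b_ver= ;; esac
    done
    # Base versions are equal: the revision decides.
    [ "$a_rev" -lt "$b_rev" ]
}

# realplayer_status VERSION: print the advisory's verdict for one version.
realplayer_status() {
    if ver_lt "$1" "$FIXED"; then echo vulnerable; else echo unaffected; fi
}

# scan_vdb [ROOT]: report each installed media-video/realplayer version found
# under ROOT (default /var/db/pkg). Prints nothing if the package is absent.
scan_vdb() {
    for d in "${1:-/var/db/pkg}"/media-video/realplayer-[0-9]*; do
        [ -d "$d" ] || continue
        v=${d##*/realplayer-}
        echo "$v $(realplayer_status "$v")"
    done
}

scan_vdb
```
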
References
CVE-2007-5400