
Realplayer .swf multiple remote memory corruption vulnerabilities




By Sowhat of Nevis Labs
Date: 2006.03.22

http://www.nevisnetworks.com 
http://secway.org/advisory/AD20060322.txt 

CVE: CVE-2006-0323
US CERT: VU#231028

Vendor:
RealNetworks Inc.

Products affected:

Windows
RealPlayer 8
RealOne Player & RealOne Player V2
RealPlayer 10
RealPlayer 10.5

Macintosh
RealOne Player
RealPlayer 10

Linux
RealPlayer 10


Overview:

RealPlayer is an application for playing various media formats,
developed by RealNetworks Inc. For more information, visit
http://www.real.com/. 

Details:

Multiple vulnerabilities were found in swfformat.dll.
A carefully crafted .swf file may execute arbitrary code or crash
RealPlayer.

By persuading a user to open a specially crafted SWF file with RealPlayer,
a remote attacker may be able to execute arbitrary code.
These vulnerabilities can also be triggered remotely through ActiveX
in IE.

One of the vulnerabilities is triggered when the size of the SWF file is
set to a value smaller than the actual size.

Multiple holes have been fixed in swfformat.dll.
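
The size mismatch described above can be screened for before a file reaches a player. The following is an added example, not part of the original advisory or of the vendor's fix: it compares the FileLength field of the SWF header with the real data size. The function names, result labels and the 64 MiB cap are assumptions, and the sample inputs are constructed header-plus-filler bytes, not playable files.

```python
import struct
import zlib

MAX_BODY = 64 * 1024 * 1024  # assumed cap on decompressed size (guards against zlib bombs)

def check_swf_length(data: bytes) -> str:
    """Classify an SWF blob by comparing header FileLength with the real size."""
    if len(data) < 8 or data[:3] not in (b"FWS", b"CWS"):
        return "not-swf"
    # Header: 3-byte signature, 1-byte version, 4-byte little-endian FileLength
    # (total length of the file, counted after decompression for CWS).
    (declared,) = struct.unpack_from("<I", data, 4)
    if data[:3] == b"CWS":
        # Everything after the 8-byte header is one zlib stream.
        inflater = zlib.decompressobj()
        try:
            body = inflater.decompress(data[8:], MAX_BODY)
        except zlib.error:
            return "corrupt"
        if inflater.unconsumed_tail or not inflater.eof:
            return "corrupt"  # output hit the cap, or the stream is truncated
        actual = 8 + len(body) + len(inflater.unused_data)
    else:
        actual = len(data)
    if declared < actual:
        return "declared-smaller"  # the mismatch the advisory describes
    if declared > actual:
        return "declared-larger"   # file shorter than its header claims
    return "ok"

def build_sample(declared_delta: int = 0, compressed: bool = False) -> bytes:
    """Constructed test input: 8-byte header plus 32 filler bytes, no real tags."""
    body = bytes(32)
    declared = 8 + len(body) + declared_delta
    sig = b"CWS" if compressed else b"FWS"
    payload = zlib.compress(body) if compressed else body
    return sig + bytes([6]) + struct.pack("<I", declared) + payload

if __name__ == "__main__":
    for name, blob in [("consistent", build_sample()), ("mismatch", build_sample(-4))]:
        print(name, check_swf_length(blob))
```

A mail or web gateway could quarantine anything that does not return "ok"; the check covers only the one trigger the advisory describes, not the other flaws fixed in swfformat.dll.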

POC:

No PoC will be released for this.


FIX:

http://service.real.com/realplayer/security/03162006_player/en/ 


Vendor Response:

2005.10.07 Vendor notified via email
2005.10.07 Vendor responded
2005.03.22 Patch released
2006.04.11 Advisory released


Common Vulnerabilities and Exposures (CVE) Information:

The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues.  These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes 
names for security problems.


        CVE-2006-0323


Greetings to Paul Gese@real.com, Chi, OYXin, Narasimha Datta and all 
 Nevis Labs guys.


References:

1. http://service.real.com/realplayer/security/03162006_player/en/ 
2. http://www.kb.cert.org/vuls/id/231028 
3. http://www.macromedia.com/licensing/developer/fileformat/faq/ 
4. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0323 
5. http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml 
6. http://www.novell.com/linux/security/advisories/2006_18_realplayer.html 
7. http://secunia.com/advisories/19358/ 




--
Sowhat
http://secway.org 
"Life is like a bug, Do you know how to exploit it ?"
