# Realplayer/RealOne Buffer Overflow Vulnerability



## mimo2005 (Oct 2, 2004)

Realplayer/RealOne RAM File Processing Buffer Overflow Vulnerability


Impact: System access

Where: From remote

Solution Status: Vendor Patch 


Software: Helix Player 1.x
RealOne Player v1
RealOne Player v2
RealPlayer 10.x
RealPlayer 8
RealPlayer Enterprise 1.x






Description:
Piotr Bania has reported a vulnerability in Realplayer and RealOne, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when processing RAM files and can be exploited to cause a buffer overflow via a specially crafted RAM file.

Successful exploitation allows execution of arbitrary code.

The vulnerability affects the following products:
* RealPlayer 10.5 (6.0.12.1040-1059)
* RealPlayer 10
* RealOne Player v2
* RealOne Player v1
* RealPlayer 8
* RealPlayer Enterprise
* Mac RealPlayer 10 (10.0.0.305 - 331)
* Mac RealOne Player
* Linux RealPlayer 10 (10.0.0 - 3)
* Helix Player (10.0.0 - 3)

Solution:
Apply patches.

RealOne / RealPlayer for Windows and Mac:
Patches are available via the "Check for Update" feature.


----------

