lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue Apr 11 12:47:43 2006
From: smaillist at gmail.com (Sowhat)
Subject: Realplayer .SWF Multiple Remote Memory Corruption
	Vulnerabilities

Realplayer .SWF Multiple Remote Memory Corruption Vulnerabilities

By Sowhat of Nevis Labs
Date: 2006.03.22

http://www.nevisnetworks.com
http://secway.org/advisory/AD20060322.txt

CVE: CVE-2006-0323
US CERT: VU#231028

Vendor
RealNetworks Inc.

Products affected:

Windows
RealPlayer 8
RealOne Player & RealOne Player V2
RealPlayer 10
RealPlayer 10.5

Macintosh
RealOne Player
RealPlayer 10

Linux
RealPlayer 10


Overview:

RealPlayer is an application for playing various media formats,
developed by RealNetworks Inc. For more information, visit
http://www.real.com/.

Details:

There are multiple vulnerabilities found in swfformat.dll.
A carefully crafted .swf file may execute arbitrary code or crash the
RealPlayer.

By persuading a user to access a specially crafted SWF file with RealPlayer,
a remote attacker may be able to execute arbitrary code.
And also, these vulnerabilities can be triggered remotely through ActiveX
in IE.

By setting the size of SWF files to a value smaller than the actual size,
you can trigger one of the vulnerabilities.

Actually, there are multiple holes that have been fixed in swfformat.dll.

POC:

No PoC will be released for this.


FIX:

http://service.real.com/realplayer/security/03162006_player/en/


Vendor Response:

2005.10.07 Vendor notified via email
2005.10.07 Vendor responded
2005.03.22 Patch released
2006.04.11 Advisory released


Common Vulnerabilities and Exposures (CVE) Information:

The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues.  These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.


        CVE-2006-0323


Greetings to Paul Gese@...l.com, Chi, OYXin, Narasimha Datta and all
 Nevis Labs guys.


References:

1. http://service.real.com/realplayer/security/03162006_player/en/
2. http://www.kb.cert.org/vuls/id/231028
3. http://www.macromedia.com/licensing/developer/fileformat/faq/
4. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0323
5. http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml
6. http://www.novell.com/linux/security/advisories/2006_18_realplayer.html
7. http://secunia.com/advisories/19358/




--
Sowhat
http://secway.org
"Life is like a bug, Do you know how to exploit it ?"

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ