[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] Possible zero-day exploit (RealPlayer)

Subject: [ale] Possible zero-day exploit (RealPlayer)
From: stephen at bee.net (Stephen Cristol)
Date: Tue, 27 Sep 2005 11:50:01 -0400

This is everything I know on the subject; I'm just passing along news.

S

 From the SANS website (http://isc.sans.org/diary.php?storyid=707):

> Possible New Zero-Day Exploit for Realplayer
> ?
> Published: 2005-09-27, Last Updated: 2005-09-27 04:54:47 UTC
> FrSIRT is reporting a zero day exploit against client side Realplayer 
> and Helix Player.? This exploit takes advantage of a format string 
> error which can be exploit by using specially crafted ".rp" (relpix) 
> or ".rt" (realtext) files.? The affected versions are
>
>  Helix Player 1.0.5 Gold and prior (Linux)
>  RealPlayer 10.0.5 Gold and prior (Linux)
>
>  There is no known fix at this time.? 
> http://service.real.com/help/faq/security/ has not posted information 
> on this yet.? Stay tuned for further updates as we have them.

-- 
Stephen Cristol
cristol at emory.edu

Follow-Ups:
- [ale] Possible zero-day exploit (RealPlayer)
  - From: mhw at wittsend.com (Michael H. Warfield)

Prev by Date: [ale] HOW2 use -> documentation of ~.tex files ?
Next by Date: [ale] capturing windows com port output
Previous by thread: [ale] Infringing Microsoft's look and feel?
Next by thread: [ale] Possible zero-day exploit (RealPlayer)
Index(es):
- Date
- Thread