[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[no subject]
- <!--x-content-type: text/plain --> "http://www.w3.org/TR/html4/loose.dtd">
- <!--x-date: Tue, 27 Sep 2005 11:50:01 -0400 -->
- <!--x-from-r13: fgrcura ng orr.arg (Egrcura Qevfgby) -->
- <!--x-message-id: [email protected] -->
- <!--x-subject: [ale] Possible zero-day exploit (RealPlayer) -->
- <li><em>date</em>: Tue, 27 Sep 2005 11:50:01 -0400</li>
- <li><em>from</em>: stephen at bee.net (Stephen Cristol)</li>
- <li><em>subject</em>: [ale] Possible zero-day exploit (RealPlayer)</li>
S
From the SANS website (<a rel="nofollow" href="http://isc.sans.org/diary.php?storyid=707";>http://isc.sans.org/diary.php?storyid=707</a>):
> Possible New Zero-Day Exploit for Realplayer
> ?
> Published: 2005-09-27, Last Updated: 2005-09-27 04:54:47 UTC
> FrSIRT is reporting a zero day exploit against client side Realplayer
> and Helix Player.? This exploit takes advantage of a format string
> error which can be exploit by using specially crafted ".rp" (relpix)
> or ".rt" (realtext) files.? The affected versions are
>
> Helix Player 1.0.5 Gold and prior (Linux)
> RealPlayer 10.0.5 Gold and prior (Linux)
>
> There is no known fix at this time.?
> <a rel="nofollow" href="http://service.real.com/help/faq/security/";>http://service.real.com/help/faq/security/</a> has not posted information
> on this yet.? Stay tuned for further updates as we have them.
--
Stephen Cristol
cristol at emory.edu
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<ul><li><strong>Follow-Ups</strong>:
<ul>
<li><strong><a name="00596" href="msg00596.html">[ale] Possible zero-day exploit (RealPlayer)</a></strong>
<ul><li><em>From:</em> mhw at wittsend.com (Michael H. Warfield)</li></ul></li>
</ul></li></ul>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00593.html">[ale] HOW2 use -> documentation of ~.tex files ?</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00595.html">[ale] capturing windows com port output</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00591.html">[ale] Infringing Microsoft's look and feel?</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00596.html">[ale] Possible zero-day exploit (RealPlayer)</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00594"><strong>Date</strong></a></li>
<li><a href="threads.html#00594"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>