Tja, så er Secunia igen ude med 'riven', og som sædvanlig skal man nok
tage det med en gran salt, når det gælder for deres metoder...
mvh. Erik Richard
-------- Original Message --------
Subject: Re: [SA15806] RealOne / RealPlayer / Helix Player / Rhapsody
Multiple Vulnerabilities
Date: Sat, 25 Jun 2005 14:15:03 +1000
References: <200506241228.j5OCSOJZ030665@secunia.com>
For information. Highly critical
Action appears essential.
On 24/06/2005, at 10:28 PM, Secunia Security Advisories wrote:
> Bist Du interessiert an einem neuen Job in IT-Sicherheit?
>
> Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
> Sicherheit:
>
http://secunia.com/secunia_vacancies/
>
> ----------------------------------------------------------------------
>
> TITLE:
> RealOne / RealPlayer / Helix Player / Rhapsody Multiple
> Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA15806
>
> VERIFY ADVISORY:
>
http://secunia.com/advisories/15806/
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> Manipulation of data, System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Helix Player 1.x
>
http://secunia.com/product/3970/
> RealOne Player v1
>
http://secunia.com/product/666/
> RealOne Player v2
>
http://secunia.com/product/2378/
> RealPlayer 10.x
>
http://secunia.com/product/2968/
> RealPlayer 8
>
http://secunia.com/product/665/
> RealPlayer Enterprise 1.x
>
http://secunia.com/product/3342/
> Rhapsody 3
>
http://secunia.com/product/5287/
>
> DESCRIPTION:
> Several vulnerabilities have been reported in RealOne Player,
> RealPlayer, Helix Player and Rhapsody, which can be exploited by
> malicious people to overwrite local files or to compromise a user's
> system.
>
> 1) An unspecified error can be exploited to overwrite local files or
> to execute an ActiveX control on a user's system via a specially
> crafted MP3 file.
>
> 2) A boundary error in the "CRealTextFileFormat::ReadDone()" function
> when processing RealText streams can be exploited to cause a
> heap-based buffer overflow via a specially crafted RealMedia file.
>
> Successful exploitation allows execution of arbitrary code.
>
> 3) A boundary error in the processing of AVI movie files can be
> exploited to cause a heap-based buffer overflow via a specially
> crafted AVI movie file.
>
> Successful exploitation allows execution of arbitrary code.
>
> 4) An unspecified error can be exploited by a malicious web site to
> create a local HTML file on the user's system and then trigger a RM
> file that references this local HTML file.
>
> Successful exploitation requires that a user opens a malicious MP3,
> RealMedia or AVI file, or visits a malicious web site that causes the
> user's browser to automatically load the malicious file.
>
> The following products are affected by some or all of the
> vulnerabilities:
> * RealPlayer 10.5 (6.0.12.1040-1069)
> * RealPlayer 10
> * RealOne Player v2
> * RealOne Player v1
> * RealPlayer 8
> * RealPlayer Enterprise
> * Mac RealPlayer 10 (10.0.0.305 - 331)
> * Mac RealOne Player
> * Linux RealPlayer 10 (10.0.0 - 4)
> * Helix Player (10.0.0 - 4)
> * Rhapsody 3 (build 0.815 - 0.1006)
>
> SOLUTION:
> Apply patches.
>
> RealOne / RealPlayer for Windows and Mac:
> Patches are available via the "Check for Update" feature.
>
> RealPlayer Enterprise:
>
http://service.real.com/help/faq/security/security062305.html
>
> RealPlayer 10 for Linux:
>
http://www.real.com/linux
>
> Helix Player for Linux:
>
http://player.helixcommunity.org/downloads/
>
> Rhapsody:
> Login to get the updated software automatically.
>
> PROVIDED AND/OR DISCOVERED BY:
> 2) Discovered by anonymous person and reported via iDEFENSE.
> 3) Flashsky, eEye Digital Security.
>
> The vendor also credits John Heasman of NGS Software.
>
> ORIGINAL ADVISORY:
> RealNetworks:
>
http://service.real.com/help/faq/security/050623_player/EN/
>
http://www.service.real.com/help/faq/security/security062305.html
>
> iDEFENSE:
>
http://www.idefense.com/application/poi/display?
> id=250&type=vulnerabilities
>
> eEye Digital Security:
>
http://www.eeye.com/html/research/advisories/AD20050623.html
>
> ----------------------------------------------------------------------
>
> About:
> This Advisory was delivered by Secunia as a free service to help
> everybody keeping their systems up to date against the latest
> vulnerabilities.
>
> Subscribe:
>
http://secunia.com/secunia_security_advisories/
>
> Definitions: (Criticality, Where etc.)
>
http://secunia.com/about_secunia_advisories/
>
>
> Please Note:
> Secunia recommends that you verify all advisories you receive by
> clicking the link.
> Secunia NEVER sends attached files with advisories.
> Secunia does not advise people to install third party patches, only
> use those supplied by the vendor.
>
> ----------------------------------------------------------------------
>
> Unsubscribe: Secunia Security Advisories
>
http://secunia.com/sec_adv_unsubscribe/?email=bjpmf%40bigpond.net.au
>
> -------------------------------------------------------------------
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
K.M.L. Denmark by Erik Richard S¿rensen, Member of ADC
<kmldenmark_NOSP@M_stofanet.dk>
*Music Recording, Editing & Publishing - Also Smaller Quantities
*Software - For Theological Education - And For Physically Impaired
*Nisus - The Future In Text & Mail Processing <
http://www.nisus.com>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~