<PRODUCT> contains a flaw that may allow a malicious user to <ISSUE_DESCRIPTION>. The issue is triggered when <CONDITION> occurs. It is possible that the flaw may allow <IMPACT> resulting in a loss of <confidentiality, integrity, and/or availability>. c0ntex has discovered a vulnerability in Helix Player, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a format string error when displaying the invalid-handle error message. This may be exploited to execute arbitrary code via a specially crafted ".rp" file. The ".rt" file format may also be affected. Successful exploitation requires that the user is e.g. tricking into opening or following a link to a malicious ".rp" file. The vulnerability has been confirmed in Helix Player 1.0.5.757 (gold), and affects only the Linux/Unix platforms. Other versions may also be affected.

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Unknown or Incomplete

• Security Tracker: 1014975
• Milw0rm: 1232
• Exploit Database: 1232
• Secunia Advisory ID: 16954 16962 16981 16986 17116 17127
• SCIP VulDB ID: 1771 1772
• CVE ID: 2005-2710 (see also: NVD)
• Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0675.html
  http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0878.html
• Vendor URL: http://helixcommunity.org
• Other Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Oct/0003.html
  http://open-security.org/advisories/13
  http://www.gentoo.org/security/en/glsa/glsa-200510-07.xml
  http://www.idefense.com/application/poi/display?id=311&type=vulnerabilities
• Vendor Specific Advisory URL: http://rhn.redhat.com/errata/RHSA-2005-788.html
  http://www.debian.org/security/2005/dsa-826

• iDefense Labs - iDefense Labs