Info

Disclosure

Mar 07, 2004

Discovery

Feb 04, 2004

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in RealPlayer/RealOne R3T Plugin. The software fails to check an unspecified boundary within the handling of the R3T file format resulting in a buffer overflow. With a specially crafted request, an attacker can cause the service to stop responding, and or execute arbitrary code on the targeted host.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Real has released a patch to address this vulnerability.

Products

RealNetworks, Inc.	RealOne Player	2.0
RealNetworks, Inc.	RealPlayer	8.0

References

Bugtraq ID: 10070
Secunia Advisory ID: 11314
ISS X-Force ID: 15774
CVE ID: 2004-0387 (see also: NVD)
Vendor Specific Solution URL: http://service.real.com/help/faq/security/040406_r3t/en/
Other Advisory URL: http://www.nextgenss.com/advisories/realr3t.txt
Vendor URL: http://www.real.com
Vendor Specific Advisory URL: http://www.service.real.com/help/faq/security/040406_r3t/en/
Keyword: NISR17042004

Credit

Mark Litchfield - mlitchfieldatstake.com - @Stake, Inc.

Direct URL: http://osvdb.org/4977

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

RealNetworks, Inc.

RealOne Player

RealPlayer

References

Credit