RealPlayer Buffer Overflow [Sentinel Chicken Networks Security Advisory #01]

From: tmorgan-securityat_private
Date: Thu Jan 24 2002 - 19:17:41 PST

Next message: Ofir Arkin: "Identifying PGP Corporate Desktop 7.1 with PGPfire Personal Desktop Firewall Installed (no need to be enabled) on Microsoft Windows Based OSs"

Previous message: securityat_private: "Security Update: [CSSA-2002-SCO.2] Open UNIX, UnixWare 7: sort creates temporary files insecurely"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello bugtraq,

There are buffer overflows in RealPlayer's header reading code.  To
my knowledge, no exploit has been developed for it, but it appears
possible.

Since the press already has a hold of it:
  http://www.newsbytes.com/news/02/173936.html

I might as well release this now.  The official advisory can be
found at:
  http://www.sentinelchicken.com/advisories/realplayer/

Real has told me there should be a patch out sometime after noon
tomorrow (Pacific time).

thanks,
tim
(Not a security expert.)

Next message: Ofir Arkin: "Identifying PGP Corporate Desktop 7.1 with PGPfire Personal Desktop Firewall Installed (no need to be enabled) on Microsoft Windows Based OSs"
Previous message: securityat_private: "Security Update: [CSSA-2002-SCO.2] Open UNIX, UnixWare 7: sort creates temporary files insecurely"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jan 25 2002 - 12:31:05 PST