Users of RealPlayer, please be advised that a QCP Sample Chunk Parsing Buffer Overflow vulnerability has been identified.
To view this vulnerability, possible remedies, and other advisories, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).
Amplify’d from www.criticalwatch.com
RealPlayer-SA-10/18/2010: RealPlayer QCP Sample Chunk Parsing Buffer Overflow
Affected Software
* RealPlayer SP 1.0.5
NOTE: Other versions may also be affected.
Description of Vulnerability
Secunia Research has discovered a vulnerability in RealPlayer SP,
which can be exploited by malicious people to compromise a user's
system.
The vulnerability is caused by missing input validation in the
handling of sample chunks when parsing QCP audio content. This can be
exploited to cause a heap-based buffer overflow.
Successful exploitation may allow execution of arbitrary code.
