RealNetworks RealPlayer and HelixPlayer SmilTimeValue::parseWallClockValue() buffer overflow
| realplayer-smiltime-wallclockvalue-bo (35088) |  High Risk |
Description:
RealNetworks RealPlayer and HelixPlayer are vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the SmilTimeValue::parseWallClockValue() function. By persuading a victim to open a specially-crafted SMIL file containing an overly long time string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
Platforms Affected:
- Gentoo, Linux
- Real, Helix Player 1.0.5 Gold
- Real, Helix Player 1.0.6 Gold
- Real, Helix Player 1.0.7 Gold
- Real, Helix Player 1.0.8 Gold
- Real, RealONE Player Enterprise
- Real, RealONE Player
- Real, RealPlayer 10.0
- Real, RealPlayer 10.1
- Real, RealPlayer 10.5
- RedHat, Enterprise Linux 4 Desktop
- RedHat, Enterprise Linux 4 AS
- RedHat, Enterprise Linux 4 WS
- RedHat, Enterprise Linux 4 ES
- RedHat, RHEL Desktop Supplementary 5 Client
- RedHat, RHEL Extras 3
- RedHat, RHEL Extras 4
Remedy:
Refer to the RealNetworks Customer Support - Real Security Updates Web page for upgrade information. See References.
For other distributions:
Contact your vendor for upgrade or patch information.
Consequences:
Gain Access
References:
- Helix Player Community Download Web page, Player Downloads at https://player.helixcommunity.org/2004/downloads/.
- iDefense Labs PUBLIC ADVISORY: 06.26.07, RealNetworks RealPlayer/HelixPlayer SMIL wallclock Stack Overflow Vulnerability at http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547.
- RealNetworks Customer Support - Real Security Updates Web page, RealNetworks, Inc. Releases Update to Address Security Vulnerabilities. at http://www.service.real.com/realplayer/security/10252007_player/en/.
- ASA-2007-274: HelixPlayer security update (RHSA-2007-0605)
- ASA-2007-385: RealPlayer security update (RHSA-2007-0841)
- BID-24658: RealPlayer/HelixPlayer ParseWallClockValue Function Buffer Overflow Vulnerability
- CVE-2007-3410: Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value.
- FrSIRT/ADV-2007-2339: RealNetworks RealPlayer and HelixPlayer SMIL Wallclock Stack Overflow Vulnerability
- FrSIRT/ADV-2007-3628: RealNetworks Products Multiple Remote Buffer Overflow Vulnerabilities
- GLSA-200709-05: RealPlayer: Buffer overflow
- RHSA-2007-0605: Critical: HelixPlayer security update
- RHSA-2007-0841: Critical: RealPlayer security update
- SA25819: RealPlayer/Helix Player SMIL wallclock Buffer Overflow Vulnerability
- SA27361: RealPlayer/RealOne/HelixPlayer Multiple Buffer Overflows
- SECTRACK ID: 1018297: Helix Player SMIL parseWallClockValue() Stack Overflow Lets Remote Users Execute Arbitrary Code
- SECTRACK ID: 1018299: RealPlayer SMIL parseWallClockValue() Stack Overflow Lets Remote Users Execute Arbitrary Code
- US-CERT VU#770904: RealNetworks players SMIL "wallclock" buffer overflow
Reported:
Jun 26, 2007
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net