[ale] Possible zero-day exploit (RealPlayer)

Stephen Cristol stephen at bee.net
Tue Sep 27 11:50:01 EDT 2005


This is everything I know on the subject; I'm just passing along news.

S

 From the SANS website (http://isc.sans.org/diary.php?storyid=707):

> Possible New Zero-Day Exploit for Realplayer
> ?
> Published: 2005-09-27, Last Updated: 2005-09-27 04:54:47 UTC
> FrSIRT is reporting a zero day exploit against client side Realplayer 
> and Helix Player.? This exploit takes advantage of a format string 
> error which can be exploit by using specially crafted ".rp" (relpix) 
> or ".rt" (realtext) files.? The affected versions are
>
>  Helix Player 1.0.5 Gold and prior (Linux)
>  RealPlayer 10.0.5 Gold and prior (Linux)
>
>  There is no known fix at this time.? 
> http://service.real.com/help/faq/security/ has not posted information 
> on this yet.? Stay tuned for further updates as we have them.

-- 
Stephen Cristol
cristol at emory.edu




More information about the Ale mailing list