HTTP RealPlayer SMIL File Stack BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a buffer overflow weakness in the RealPlayer SMIL parsing engine.

Additional Information

Real Networks RealPlayer and RealOne Player are media players that are available for various operating systems, including Microsoft Windows, Linux, and Mac OS.

Real Networks RealPlayer and RealOne Player are reported to be prone to a remote stack-based buffer overflow vulnerability. The issue exists because the application does not perform boundary checks when parsing Synchronized Multimedia Integration Language (SMIL) files. A remote attacker may execute arbitrary code on a vulnerable computer to gain unauthorized access.

RealPlayer and RealOne Player both support the SMIL file format. A remote buffer overflow vulnerability exists in the 'CSmil1Parser::testAttributeFailed()' function of the 'smlparse.cpp' file. It is reported that an attacker can trigger this condition by supplying an excessive value for the 'system-screen-size' attribute in a malformed SMIL file. Specifically, a 'system-screen-size' value larger than 256 bytes overflows a fixed-size buffer because the value is copied with a strcpy() operation.

A remote attacker may exploit this vulnerability to execute arbitrary instructions in the context of a user that processes a malformed file through the affected application.

This vulnerability is reported to exist in Real Networks products for Microsoft Windows, Linux, and Apple Mac platforms.
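The condition described above (a 'system-screen-size' value larger than 256 bytes) can be checked for in a SMIL file before it reaches a player. The following is an added example, not Symantec's signature logic or RealNetworks code; the function name, the raw-byte matching approach, and the sample inputs are assumptions made for illustration.

```python
import re

# Threshold from the advisory text: values larger than 256 bytes overflow the buffer.
MAX_VALUE_BYTES = 256

# Match the attribute name and its opening quote. The scan works on raw bytes
# because a malformed file may be neither valid XML nor valid UTF-8.
ATTR_RE = re.compile(rb"system-screen-size\s*=\s*([\"'])", re.IGNORECASE)


def oversized_screen_size_values(data: bytes, limit: int = MAX_VALUE_BYTES):
    """Return (offset, length, terminated) for each attribute value longer than limit."""
    findings = []
    for match in ATTR_RE.finditer(data):
        quote = match.group(1)
        start = match.end()
        end = data.find(quote, start)
        terminated = end != -1
        if not terminated:
            # No closing quote: treat the rest of the buffer as the value.
            end = len(data)
        length = end - start
        if length > limit:
            findings.append((match.start(), length, terminated))
    return findings


# Constructed sample inputs (not captured traffic).
BENIGN = b'<smil><body><video src="a.rm" system-screen-size="768X1024"/></body></smil>'
SUSPECT = (b'<smil><body><video src="a.rm" system-screen-size="'
           + b"9" * 300 + b'"/></body></smil>')
UNTERMINATED = b"<smil><video system-screen-size='" + b"A" * 400

if __name__ == "__main__":
    samples = (("benign", BENIGN), ("suspect", SUSPECT), ("unterminated", UNTERMINATED))
    for name, sample in samples:
        print(name, oversized_screen_size_values(sample))
```

A hit only indicates that the file matches the length condition from the description; patched players should still be deployed as described under Response.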

Affected

  • Real Networks Helix Player for Linux 1.0
  • Real Networks RealOne Player 1.0, 6.0.11.818, 6.0.11.830, 6.0.11.840, 6.0.11.841, 6.0.11.853, 6.0.11.868, 6.0.11.872
  • Real Networks RealOne Player for OSX 9.0.288, 9.0.297
  • Real Networks RealPlayer 8.0 Win32, 10.0, 10.5 v6.0.12.1040, 10.5 v6.0.12.1053, 10.5 v6.0.12.1056
  • Real Networks RealPlayer 10 for Linux
  • Real Networks RealPlayer 10 for Mac OS
  • Real Networks RealPlayer Enterprise 1.1, 1.2, 1.5, 1.6
  • Real Networks RealPlayer For Unix 10.0.3
  • RedHat Fedora Core 3

Response

RedHat Fedora Linux has made an advisory (FEDORA-2005-188) available dealing with this issue in their Core 3 distribution. See the reference section for more information.

SuSE has released advisory SUSE-SA:2005:014 to address this issue. See the attached advisory for details on obtaining and applying fixes.

The vendor has released updates dealing with this issue. See the referenced advisory for more information on obtaining the updated packages.


Real Networks Helix Player for Linux 1.0:
Fedora Upgrade HelixPlayer-1.0.3-3.fc3.i386.rpm
Fedora Upgrade HelixPlayer-debuginfo-1.0.3-3.fc3.i386.rpm

Real Networks RealPlayer For Unix 10.0.3:
SuSE Upgrade RealPlayer-10.0.3-0.1.i586.rpm
