Real Networks RealPlayer 'GIF87a' File Parsing Heap Overflow Vulnerability

Cause
Boundary condition error
Severity

 
Affected systems
Real Networks RealPlayer SP 1.0.5
Real Networks RealPlayer SP 1.0.2
Real Networks RealPlayer SP 1.0.1
Real Networks RealPlayer SP 1.0
Real Networks RealPlayer SP 1.1.1
Real Networks RealPlayer SP 1.1
Real Networks RealPlayer for Mac 12.0.0.1444
Real Networks RealPlayer for Mac 11.1
Real Networks RealPlayer for Mac 11.0
Real Networks RealPlayer for Linux 11.0.2.1744
Real Networks RealPlayer 11 Beta 6.0.14 .550
Real Networks RealPlayer 10 for Mac OS 10.0 .0.331
Real Networks RealPlayer 10 for Mac OS 10.0.0.503
Real Networks RealPlayer 10 for Mac OS 10.0.0.481
Real Networks RealPlayer 10 for Mac OS 10.0.0.412
Real Networks RealPlayer 10 for Mac OS 10.0.0.396
Real Networks RealPlayer 10 for Mac OS 10.0.0.352
Real Networks RealPlayer 10 for Mac OS 10.0.0.325
Real Networks RealPlayer 10 for Mac OS 10.0.0.305
Real Networks RealPlayer 10 for Mac OS
Real Networks RealPlayer 10 for Linux 10.1 .3114
Real Networks RealPlayer 10 for Linux 10.0.9
Real Networks RealPlayer 10 for Linux 10.0.8
Real Networks RealPlayer 10 for Linux 10.0.7
Real Networks RealPlayer 10 for Linux 10.0.6
Real Networks RealPlayer 10 for Linux 10.0.5
Real Networks RealPlayer 10 for Linux 10.0.4
Real Networks RealPlayer 10 for Linux 10.0.3
Real Networks RealPlayer 10 for Linux 10.0.2
Real Networks RealPlayer 10 for Linux 10.0.1
Real Networks RealPlayer 10 for Linux
Real Networks RealPlayer 11.0.5
Real Networks RealPlayer 11.0.4
Real Networks RealPlayer 11.0.3
Real Networks RealPlayer 11.0.2
Real Networks RealPlayer 11.0.1
Real Networks RealPlayer 11.1
Real Networks RealPlayer 11 Beta
Real Networks RealPlayer 11
 
Unaffected systems
Real Networks RealPlayer for Mac 12.0.0.1548
Real Networks RealPlayer for Linux 11.0.2.2315
Real Networks RealPlayer 14.0.1
 
Impact
A remote attacker can exploit this vulnerability to execute arbitrary code in the security context of the logged-on user.
 
Attack prerequisites
The attacker must construct a malicious GIF87a file and lure the user into accessing it.
 
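Vulnerability information
RealNetworks RealPlayer is a popular media player.
A security flaw exists in the parsing of GIF87a files over the RTSP streaming protocol. When an oversized screen width is specified in the screen descriptor header field, the calculation of the destination heap block size is not adequately checked for overflow, which can cause an undersized buffer to be allocated; a heap overflow is then triggered when the received data is processed. Successful exploitation allows arbitrary instructions to be executed in the security context of the logged-on user.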
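Added example, not RealPlayer code and not part of the advisory: the class of size calculation described above, shown as an unchecked 32-bit product beside a checked form that parses the GIF87a logical screen descriptor. The bytes-per-pixel factor, the `MAX_CANVAS_BYTES` cap, the function names and the sample headers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical policy cap on the decoded canvas (assumption, not from the advisory). */
#define MAX_CANVAS_BYTES (64u * 1024u * 1024u)

/* Read a little-endian 16-bit header field. */
static uint32_t rd16le(const uint8_t *p) { return (uint32_t)p[0] | ((uint32_t)p[1] << 8); }

/* Unchecked pattern: the product wraps modulo 2^32, so the result can be
 * far smaller than the number of bytes the decoder later writes. */
uint32_t canvas_bytes_unchecked(uint32_t w, uint32_t h, uint32_t bpp) {
    return w * h * bpp;
}

/* Checked form: validate the GIF87a signature, read width and height from
 * the logical screen descriptor, compute the size in 64 bits and enforce
 * the cap. Returns 0 and sets *out on success, -1 on rejection. */
int gif87a_canvas_bytes(const uint8_t *buf, size_t len, uint32_t bpp, size_t *out) {
    if (buf == NULL || out == NULL || len < 13) return -1; /* 6 + 7 header bytes */
    if (memcmp(buf, "GIF87a", 6) != 0) return -1;
    uint64_t w = rd16le(buf + 6), h = rd16le(buf + 8);
    if (w == 0 || h == 0 || bpp == 0 || bpp > 4) return -1;
    uint64_t total = w * h * (uint64_t)bpp; /* at most 65535*65535*4, no 64-bit wrap */
    if (total > MAX_CANVAS_BYTES) return -1;
    *out = (size_t)total;
    return 0;
}

/* Constructed sample headers (not taken from any real file). */
const uint8_t SAMPLE_OK[13]   = {'G','I','F','8','7','a', 0x40,0x01, 0xF0,0x00, 0,0,0}; /* 320x240 */
const uint8_t SAMPLE_WIDE[13] = {'G','I','F','8','7','a', 0xFF,0xFF, 0x01,0x40, 0,0,0}; /* 65535x16385 */

int main(void) {
    size_t n = 0;
    unsigned wrapped = (unsigned)canvas_bytes_unchecked(65535, 16385, 4);
    int rc_ok = gif87a_canvas_bytes(SAMPLE_OK, sizeof SAMPLE_OK, 4, &n);
    int rc_wide = gif87a_canvas_bytes(SAMPLE_WIDE, sizeof SAMPLE_WIDE, 4, &n);
    printf("unchecked 65535x16385x4 -> %u bytes\n", wrapped);
    printf("checked 320x240 -> rc=%d bytes=%zu\n", rc_ok, n);
    printf("checked 65535x16385 -> rc=%d\n", rc_wide);
    return 0;
}
```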
 
Test method
 
Vendor solution
Users can refer to the following vendor security advisory for patch information:
http://service.real.com/realplayer/security/12102010_player/en/
 
Reported by
anonymous
