RHEL 4 : HelixPlayer (RHSA-2005:271)

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

An updated HelixPlayer package that fixes two buffer overflow issues
is now available.

This update has been rated as having critical security impact by the
Red Hat Security Response Team.

HelixPlayer is a media player.

A stack based buffer overflow bug was found in HelixPlayer's
Synchronized Multimedia Integration Language (SMIL) file processor. An
attacker could create a specially crafted SMIL file which would
execute arbitrary code when opened by a user. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2005-0455 to this issue.

A buffer overflow bug was found in the way HelixPlayer decodes WAV
files. An attacker could create a specially crafted WAV file which
could execute arbitrary code when opened by a user. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2005-0611 to this issue.

All users of HelixPlayer are advised to upgrade to this updated
package, which contains HelixPlayer 1.0.3 which is not vulnerable to
these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2005-0455.html
https://www.redhat.com/security/data/cve/CVE-2005-0611.html
http://rhn.redhat.com/errata/RHSA-2005-271.html

Solution :

Update the affected HelixPlayer package.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
Public Exploit Available : true

Family: Red Hat Local Security Checks

Nessus Plugin ID: 17269 ()

Bugtraq ID:

CVE ID: CVE-2005-0455
CVE-2005-0611

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial