RHEL 4 : HelixPlayer (RHSA-2005:271)

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

An updated HelixPlayer package that fixes two buffer overflow issues
is now available.

This update has been rated as having critical security impact by the
Red Hat Security Response Team.

HelixPlayer is a media player.

A stack based buffer overflow bug was found in HelixPlayer's
Synchronized Multimedia Integration Language (SMIL) file processor. An
attacker could create a specially crafted SMIL file which would
execute arbitrary code when opened by a user. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2005-0455 to this issue.

A buffer overflow bug was found in the way HelixPlayer decodes WAV
files. An attacker could create a specially crafted WAV file which
could execute arbitrary code when opened by a user. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2005-0611 to this issue.

All users of HelixPlayer are advised to upgrade to this updated
package, which contains HelixPlayer 1.0.3 which is not vulnerable to
these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2005-0455.html
https://www.redhat.com/security/data/cve/CVE-2005-0611.html
http://rhn.redhat.com/errata/RHSA-2005-271.html

Solution :

Update the affected HelixPlayer package.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
Public Exploit Available : true

Family: Red Hat Local Security Checks

Nessus Plugin ID: 17269 ()

Bugtraq ID:

CVE ID: CVE-2005-0455
CVE-2005-0611