Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player 1 and 2, and Helix Player 10.0.0 allows remote attackers to execute arbitrary code via an .rm movie file with a large value in the length field of the first data packet, which leads to a stack-based buffer overflow, a different vulnerability than CVE-2004-1481.

An updated RealPlayer package that fixes a format string bug is now available.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

RealPlayer is a media player that provides media playback locally and via streaming.

A format string bug was discovered in the way RealPlayer processes RealPix (.rp) files. It is possible for a malformed RealPix file to execute arbitrary code as the user running RealPlayer. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2710 to this issue.

All users of RealPlayer are advised to upgrade to this updated package, which contains RealPlayer version 10.0.6 and is not vulnerable to this issue.

An updated HelixPlayer package that fixes a string format issue is now available.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

HelixPlayer is a media player.

A format string bug was discovered in the way HelixPlayer processes RealPix (.rp) files. It is possible for a malformed RealPix file to execute arbitrary code as the user running HelixPlayer. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2710 to this issue.

All users of HelixPlayer are advised to upgrade to this updated package, which contains HelixPlayer version 10.0.6 and is not vulnerable to this issue.

An integer overflow has been discovered in helix-player, the helix audio and video player. This flaw could allow a remote attacker to run arbitrary code on a victims computer by supplying a specially crafted network resource.

The installed version of RealPlayer / RealOne Player / RealPlayer Enterprise for Windows on the remote host is prone to buffer overflow and heap overflow vulnerabilities.  An attacker may be able to leverage these issues to execute arbitrary code on the remote host subject to the permissions of the user running the affected application.  Note that a user doesn't necessarily need to explicitly access a malicious media file since the browser may automatically pass RealPlayer skin files (ie, files with the extension '.rjs') to the application.

According to its build number, the installed version of RealPlayer / RealOne Player / RealPlayer Enterprise for Windows on the remote host is affected by multiple buffer overflow vulnerabilities. 

An attacker may be able to leverage these issues to execute arbitrary code on the remote host subject to the permissions of the user running the affected application.  Note that a user doesn't necessarily need to explicitly access a malicious media file since the browser may automatically pass to the application RealPlayer skin files (ie, files with the extension '.rjs').

The remote Redhat Enterprise Linux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2005:788 advisory.

    HelixPlayer is a media player.

    A format string bug was discovered in the way HelixPlayer processes RealPix     (.rp) files. It is possible for a malformed RealPix file to execute     arbitrary code as the user running HelixPlayer. The Common Vulnerabilities     and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2710     to this issue.

    All users of HelixPlayer are advised to upgrade to this updated package,     which contains HelixPlayer version 10.0.6 and is not vulnerable to this issue.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
63829	RHEL 3 / 4 : RealPlayer (RHSA-2005:762)	Nessus	Red Hat Local Security Checks	high
23983	CentOS 4 : Helix / Player (CESA-2005:788)	Nessus	CentOS Local Security Checks	high
22781	Debian DSA-915-1 : helix-player - buffer overflow	Nessus	Debian Local Security Checks	medium
3286	RealPlayer for Windows Multiple Overflows (2)	Nessus Network Monitor	Web Clients	medium
20184	RealPlayer for Windows Multiple Overflows	Nessus	Windows	high
19836	RHEL 4 : HelixPlayer (RHSA-2005:788)	Nessus	Red Hat Local Security Checks	critical

Detections

Analytics

CVE-2005-2629

critical

Tenable Plugins

high

high

medium

medium

high

critical