Fedora Core 3 : HelixPlayer-1.0.3-3.fc3 (2005-188)

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora Core host is missing a security update.

Description :

Updated HelixPlayer packages that fixes two buffer overflow issues are
now available.

This update has been rated as having critical security impact by the
Red Hat Security Response Team.

A stack based buffer overflow bug was found in HelixPlayer's
Synchronized Multimedia Integration Language (SMIL) file processor. An
attacker could create a specially crafted SMIL file which would
execute arbitrary code when opened by a user. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2005-0455 to this issue.

A buffer overflow bug was found in the way HelixPlayer decodes WAV
files. An attacker could create a specially crafted WAV file which
could execute arbitrary code when opened by a user. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2005-0611 to this issue.

All users of HelixPlayer are advised to upgrade to this updated
package, which contains HelixPlayer 1.0.3 which is not vulnerable to
these issues.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?9b805099

Solution :

Update the affected HelixPlayer package.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
Public Exploit Available : true

Family: Fedora Local Security Checks

Nessus Plugin ID: 19623 (fedora_2005-188.nasl)

Bugtraq ID:

CVE ID: CVE-2005-0455

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now