RHEL 4 : HelixPlayer (RHSA-2007:0605)
High Nessus Plugin ID 25624
SynopsisThe remote Red Hat host is missing a security update.
DescriptionAn updated HelixPlayer package that fixes a buffer overflow flaw is now available.
This update has been rated as having critical security impact by the Red Hat Security Response Team.
HelixPlayer is a media player.
A buffer overflow flaw was found in the way HelixPlayer processed Synchronized Multimedia Integration Language (SMIL) files. It was possible for a malformed SMIL file to execute arbitrary code with the permissions of the user running HelixPlayer. (CVE-2007-3410)
All users of HelixPlayer are advised to upgrade to this updated package, which contains a backported patch and is not vulnerable to this issue.
SolutionUpdate the affected HelixPlayer package.