Overview
Numerous RealNetworks products are vulnerable to a buffer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system.
Description
RealNetworks RealPlayer RealNetworks RealPlayer is a multimedia application that allows users to view local and remote audio/video content. |
Impact
By convincing a user to open a specially crafted MBC file with RealPlayer, a remote, unauthenticated attacker can execute arbitrary code on a vulnerable system. |
Solution
Patch RealPlayer |
|
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
References
Acknowledgements
This issue was reported in RealNetwork Security Update for March 2006. RealNetworks credits John Heasman of NGSSoftware, Greg MacManus of iDEFENSE Labs, and Sowhat of Nevis Labs with providing information about this vulnerability.
This document was written by Jeff Gennari.
Other Information
CVE IDs: | CVE-2006-1370 |
Severity Metric: | 8.52 |
Date Public: | 2006-03-22 |
Date First Published: | 2006-04-01 |
Date Last Updated: | 2006-04-24 11:07 UTC |
Document Revision: | 19 |