[ale] Possible zero-day exploit (RealPlayer)
Stephen Cristol
stephen at bee.net
Tue Sep 27 11:50:01 EDT 2005
This is everything I know on the subject; I'm just passing along news.
S
From the SANS website (http://isc.sans.org/diary.php?storyid=707):
> Possible New Zero-Day Exploit for Realplayer
> ?
> Published: 2005-09-27, Last Updated: 2005-09-27 04:54:47 UTC
> FrSIRT is reporting a zero day exploit against client side Realplayer
> and Helix Player.? This exploit takes advantage of a format string
> error which can be exploit by using specially crafted ".rp" (relpix)
> or ".rt" (realtext) files.? The affected versions are
>
> Helix Player 1.0.5 Gold and prior (Linux)
> RealPlayer 10.0.5 Gold and prior (Linux)
>
> There is no known fix at this time.?
> http://service.real.com/help/faq/security/ has not posted information
> on this yet.? Stay tuned for further updates as we have them.
--
Stephen Cristol
cristol at emory.edu
More information about the Ale
mailing list