File: 2420.txt

package info (click to toggle)
snort 2.7.0-20.4
  • links: PTS
  • area: main
  • in suites: lenny
  • size: 34,512 kB
  • ctags: 18,772
  • sloc: ansic: 115,404; sh: 10,893; makefile: 1,372; perl: 487; sql: 213
file content (69 lines) | stat: -rw-r--r-- 1,486 bytes parent folder | download | duplicates (6)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
Rule:

--
Sid:
2420

--
Summary:
This event is generated when an attempt is made to download a file that
may be an attack vector for a known exploit to a vulnerability in Real 
Networks RealPlayer/RealOne player.

--
Impact:
Serious. Execution of arbitrary code.

--
Detailed Information:
RealNetworks RealPlayer/RealOne player is a streaming media player for
Microsoft Windows, Apple Macintosh and UNIX/Linux based operating systems.

A buffer overrun condition is present in some versions of the player
that may present a remote attacker with the opportunity to execute code
of their choosing on a client using one of these players.

--
Affected Systems:
	Real Networks RealOne Desktop Manager
	Real Networks RealOne Enterprise Desktop 6.0.11 .774
	Real Networks RealOne Player 1.0
	Real Networks RealOne Player 2.0
	Real Networks RealOne Player 6.0.11 .868
	Real Networks RealOne Player version 2.0 for Windows
	Real Networks RealPlayer 8.0 Win32
	Real Networks RealPlayer 8.0 Unix
	Real Networks RealPlayer 8.0 Mac
	Real Networks RealPlayer 10.0 BETA

--
Attack Scenarios:
An attacker may supply a malformed file to the client to exploit the
issue.

--
Ease of Attack:
Simple. 

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:
Upgrade to the latest non-affected version of the software

--
Contributors:
Sourcefire Research Team
Brian Caswell <bmc@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

--
Additional References:

--