VULHUB ™

RealOne Player and RealPlayer are affected by a buffer overflow vulnerability. This issue may be exploited by a remote attacker to execute arbitrary code in the context of the software. The application fails to perfrom proper boundary checks before copying the arguments of the 'ShowPreferences' action to a static buffer through a 'sprintf()' function call. An attacker can design a malicious Web site or skin file and trigger an overflow condition in the application. This issue may be leveraged to execute arbitrary code in the context of the user running the application. It is likely that this issue is identical the vulnerability described in BID 11307 (RealNetworks RealOne Player And RealPlayer Unspecified Web Page Code Execution Vulnerability). This cannot be confirmed at the moment, however, one of the BIDs will be retired, if it turns out that the BIDs represent the same issue.

RealOne Player and RealPlayer are affected by a buffer overflow vulnerability. This issue may be exploited by a remote attacker to execute arbitrary code in the context of the software. The application fails to perfrom proper boundary checks before copying the arguments of the 'ShowPreferences' action to a static buffer through a 'sprintf()' function call. An attacker can design a malicious Web site or skin file and trigger an overflow condition in the application. This issue may be leveraged to execute arbitrary code in the context of the user running the application. It is likely that this issue is identical the vulnerability described in BID 11307 (RealNetworks RealOne Player And RealPlayer Unspecified Web Page Code Execution Vulnerability). This cannot be confirmed at the moment, however, one of the BIDs will be retired, if it turns out that the BIDs represent the same issue.