Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 APP:REAL:SMIL-WALLCLOCK-OF

Severity

 Minor

Recommended

 No

Recommended Action

 Drop

Category

 APP

Keywords

 RealNetworks RealPlayer SMIL Wallclock Stack Overflow

Release Date

 2007/07/23

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

APP: RealNetworks RealPlayer SMIL Wallclock Stack Overflow


This signature detects attempts to exploit a known vulnerability in RealNetworks RealPlayer. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.

Extended Description

RealPlayer and HelixPlayer are prone to a buffer-overflow vulnerability because the applications fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

Affected Products

  • Gentoo linux
  • Real_networks helixplayer 10.5 - GOLD
  • Real_networks helix_player_for_linux 10.0.5
  • Real_networks helix_player_for_linux 10.0.6
  • Real_networks helix_player_for_linux 10.0.7
  • Real_networks realone_player 1.0.0
  • Real_networks realone_player_for_mac
  • Real_networks realplayer 10.5-GOLD
  • Real_networks realplayer_10_for_linux 10.0.5
  • Real_networks realplayer_10_for_linux 10.0.6
  • Real_networks realplayer_10_for_linux 10.0.7
  • Real_networks realplayer_10_for_linux 10.0.8
  • Real_networks realplayer_10_for_mac_os 10.0.0 .0.331
  • Real_networks realplayer_10_for_mac_os 10.0.0.305
  • Real_networks realplayer_10_for_mac_os 10.0.0.352
  • Real_networks realplayer_10_for_mac_os 10.0.0.396
  • Real_networks realplayer_10_for_mac_os 10.0.0.412
  • Real_networks realplayer_enterprise
  • Red_hat enterprise_linux Desktop Version 4
  • Red_hat enterprise_linux_as 4
  • Red_hat enterprise_linux_desktop_supplementary 5 Client
  • Red_hat enterprise_linux_es 4
  • Red_hat enterprise_linux_extras 3
  • Red_hat enterprise_linux_extras 4
  • Red_hat enterprise_linux_ws 4

References

  • BugTraq: 24658
  • CVE: CVE-2007-3410
  • URL: http://rhn.redhat.com/errata/RHSA-2007-0605.html
  • URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547
  • URL: http://www.securityfocus.com/archive/1/46816ECA.7000008@idefense.com

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out