Signature Detail

APP: RealPlayer Format String

This signature detects attempts to exploit a known vulnerability in the RealMedia RealPlayer program. An attacker can send a malicious .rp file to a user, which upon opening, could create a format string bug. Once the program is opened, it runs without any additional user intervention.

Extended Description

RealPlayer and Helix player are susceptible to a format string vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input, allowing a remote attacker to supply format specifiers directly to a formatted printing function. Successful exploitation of this vulnerability allows remote attackers to execute arbitrary machine code in the context of the affected application. RealPlayer 10.0 through 10.0.5 for Linux and Helix Player 1.0 through 1.0.5 are prone to this issue.

Affected Products

• Real_networks helix_player_for_linux 1.0.0
• Real_networks helix_player_for_linux 1.0.1
• Real_networks helix_player_for_linux 1.0.2
• Real_networks helix_player_for_linux 1.0.3
• Real_networks helix_player_for_linux 1.0.4
• Real_networks helix_player_for_linux 1.0.5
• Real_networks realplayer_10 English
• Real_networks realplayer_10 German
• Real_networks realplayer_10 Japanese
• Real_networks realplayer_10_for_linux
• Real_networks realplayer_for_unix 10.0.3
• Real_networks realplayer_for_unix 10.0.4
• Red_hat desktop 4.0.0
• Red_hat enterprise_linux_as 4
• Red_hat enterprise_linux_es 4
• Red_hat enterprise_linux_ws 4
• Red_hat fedora Core3
• Red_hat fedora Core4
• Suse linux_personal 10.0.0 OSS
• Suse linux_personal 9.2.0
• Suse linux_personal 9.2.0 X86 64
• Suse linux_personal 9.3.0
• Suse linux_personal 9.3.0 X86 64
• Suse linux_professional 10.0.0
• Suse linux_professional 10.0.0 OSS
• Suse linux_professional 9.2.0
• Suse linux_professional 9.2.0 X86 64
• Suse linux_professional 9.3.0
• Suse linux_professional 9.3.0 X86 64
• Suse novell_linux_desktop 9.0.0

References

• BugTraq: 14945
• CVE: CVE-2005-2710