Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 APP:REAL:PLAYER-MAL-META-FILE

Severity

 Major

Recommended

 No

Recommended Action

 Drop

Category

 APP

Keywords

 RealPlayer Malicious Metafile Download

Release Date

 2004/11/03

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

APP: RealPlayer Malicious Metafile Download


This signature detects attempts to exploit a known vulnerability against RealJukebox. Attackers can attempt to download a malicious RealJukebox Metafile (.rm) file through HTTP. A successful exploit can allow the execution of arbitrary code on the affected system.

Extended Description

RealPlayer and RealOne Player are prone to a remote integer overflow vulnerability. It is reported that the vulnerability exists in the 'pnen3260.dll' linked library of both RealPlayer and RealOne Player for Microsoft Windows, Linux, and Mac OS platforms. The 'pnen3260.dll' library is responsible for processing real-media '.rm' files. The overflow will cause the corruption of heap-based memory management structures. Ultimately this may permit an attacker to write to an arbitrary location in the memory of the active process and in doing so control execution flow. A remote attacker may therefore exploit this vulnerability to execute arbitrary attacker-supplied instructions in the context of a user that is running a vulnerable version of the software. This issue was originally described in BID 11273 (RealNetworks RealOne Player And RealPlayer Remote Vulnerabilities) and is now being assigned its own BID.

Affected Products

  • Real_networks helix_player_for_linux 1.0.0
  • Real_networks realone_player 1.0.0
  • Real_networks realone_player 2.0.0
  • Real_networks realone_player_for_osx 9.0.0 .288
  • Real_networks realone_player_for_osx 9.0.0 .297
  • Real_networks realplayer 10.0.0
  • Real_networks realplayer 10.0.0 BETA
  • Real_networks realplayer 10.0.0 v6.0.12.690
  • Real_networks realplayer 10.5.0
  • Real_networks realplayer 10.5.0 Beta v6.0.12.1016
  • Real_networks realplayer 10.5.0 V6.0.12.1040
  • Real_networks realplayer 8.0.0 Mac
  • Real_networks realplayer 8.0.0 Unix
  • Real_networks realplayer 8.0.0 Win32
  • Real_networks realplayer_10 English
  • Real_networks realplayer_10 German
  • Real_networks realplayer_10 Japanese
  • Real_networks realplayer_10_for_linux
  • Real_networks realplayer_10_for_mac_os beta
  • Real_networks realplayer_8
  • Real_networks realplayer_enterprise

References

  • BugTraq: 11309
  • CVE: CVE-2004-1481
  • URL: http://www.juniper.net/security/auto/vulnerabilities/vuln1832.html
  • URL: http://service.real.com/help/faq/security/040928_player/EN/

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out