Gaping holes in RealPlayer patched

RealPlayer patches 4 serious flawsDigital media delivery firm RealNetworks has shipped a high-prority patch to cover four gaping holes in its flagship RealPlayer software, warning that the vulnerabilities could put users at risk of code execution attacks.

The patch comes a few hours after Secunia released an advisory warning for one of the vulnerabilities, a heap-based buffer overflow caused by a design error within RealPlayer’s handling of frames in Shockwave Flash (SWF) files.

According to RealNetworks, at least one of the four bugs affects all platforms — Windows, Mac OS X and Linux.

[ SEE: IE users beware: RealPlayer zero-day flaw under attack ]

Details are only available for these two vulnerabilities:

  • CVE-2008-1309: The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer 11.0.1 build does not properly manage memory for the Console property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory. CVSS Base Score 9.3.
  • CVE-2007-5400: The vulnerability is caused due to a design error within the handling of frames in Shockwave Flash (SWF) files and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code.

In its advisory, RealNetworks also lists CVE-2008-1309, a RealPlayer ActiveX controls property heap memory corruption; and CVE-2008-3064, a local resource reference vulnerability.

[Source: zdnet]