Possible New Zero-Day Exploit for Realplayer
FrSIRT is reporting a zero day exploit against client side Realplayer and Helix Player. This exploit takes advantage of a format string error which can be exploit by using specially crafted ".rp" (relpix) or ".rt" (realtext) files. The affected versions are
Helix Player 1.0.5 Gold and prior (Linux)
RealPlayer 10.0.5 Gold and prior (Linux)
There is no known fix at this time. http://service.real.com/help/faq/security/ has not posted information on this yet.
Helix Player 1.0.5 Gold and prior (Linux)
RealPlayer 10.0.5 Gold and prior (Linux)
There is no known fix at this time. http://service.real.com/help/faq/security/ has not posted information on this yet.
Blake Hartstein from demarc.com posted the following to Bleeding-Snort yesterday which should provideStay tuned for further updates as we have them. .
coverage for this issue:alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any
(msg:"BLEEDING-EDGE RealPlayer/Helix Player Format String Exploit";
flow:established,from_server; content:"
pcre:"/]* handle=[^>]*%[^>]*%/iRG"; sid:2002381; rev:1;)
reference:url,milw0rm.com/id.php?id=1232; reference:bugtraq,14945;
Keywords:
0 comment(s)
×
![modal content]()
Diary Archives
Comments