|
|
RealOne Player畸形SMIL文件导致堆破坏漏洞
发布时间:2002-12-01
更新时间:2002-12-01
严重程度:高
威胁程度:普通用户访问权限
错误类型:边界检查错误
利用方式:服务器模式
BUGTRAQ ID:6227
受影响系统Real Networks RealOne Player
Real Networks RealOne Player 2.0
Real Networks RealPlayer G2
Real Networks RealPlayer 6.0 Win32
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6a
Real Networks RealPlayer 7.0 Win32
Real Networks RealPlayer 8.0 Win32
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 98
- Microsoft Windows 98 SP1
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows XP
- Microsoft Windows XP Home
- Microsoft Windows XP Professional 详细描述
RealPlayer/RealOne实现上存在溢出漏洞,当向其提供一个恶意构造的同步多媒体集成语言(Synchronized Multimedia Integration Language,SMIL)文件,可能会导致一个堆破坏,入侵者可能利用此漏洞在服务器上执行任意指令。据称Real Networks提供的补丁并没有正确地修正漏洞。
解决方案
据说Real Networks提供的如下补丁没有正确修补漏洞:
http://service.real.com/help/faq/security/07092002/skinpatchr11s.rmp
相关信息
NGSSoftware
|
