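RealNetworks RealPlayer PNG Image Handling Heap Corruption Vulnerability
Published: 2003-04-10
Updated: 2003-04-10
Severity: High
Threat level: Privilege escalation
Error type: Boundary check error
Exploitation mode: Server mode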
BUGTRAQ ID:7177 CVE(CAN) ID:CAN-2003-0141
Affected systems:
Real Networks RealOne Enterprise Desktop 6.0.11.774
Real Networks RealOne Player 9.0.0.297 for OS X
Real Networks RealOne Player 9.0.0.288 for OS X
Real Networks RealOne Player 6.0.11.853
Real Networks RealOne Player 6.0.11.841
Real Networks RealOne Player 6.0.11.830
Real Networks RealOne Player 6.0.11.818
Real Networks RealOne Player
Real Networks RealOne Player 2.0
Real Networks RealOne Player Gold for Windows 6.0.10 .505
-Microsoft Windows 2000 Advanced Server
-Microsoft Windows 2000 Advanced Server SP1
-Microsoft Windows 2000 Advanced Server SP2
-Microsoft Windows 2000 Datacenter Server
-Microsoft Windows 2000 Datacenter Server SP1
-Microsoft Windows 2000 Datacenter Server SP2
-Microsoft Windows 2000 Professional
-Microsoft Windows 2000 Professional SP1
-Microsoft Windows 2000 Professional SP2
-Microsoft Windows 2000 Server
-Microsoft Windows 2000 Server SP1
-Microsoft Windows 2000 Server SP2
-Microsoft Windows 95
-Microsoft Windows 95 SR2
-Microsoft Windows 98
-Microsoft Windows 98SE
-Microsoft Windows ME
-Microsoft Windows NT Enterprise Server 4.0
-Microsoft Windows NT Enterprise Server 4.0 SP1
-Microsoft Windows NT Enterprise Server 4.0 SP2
-Microsoft Windows NT Enterprise Server 4.0 SP3
-Microsoft Windows NT Enterprise Server 4.0 SP4
-Microsoft Windows NT Enterprise Server 4.0 SP5
-Microsoft Windows NT Enterprise Server 4.0 SP6
-Microsoft Windows NT Enterprise Server 4.0 SP6a
-Microsoft Windows NT Server 4.0
-Microsoft Windows NT Server 4.0 SP1
-Microsoft Windows NT Server 4.0 SP2
-Microsoft Windows NT Server 4.0 SP3
-Microsoft Windows NT Server 4.0 SP4
-Microsoft Windows NT Server 4.0 SP5
-Microsoft Windows NT Server 4.0 SP6
-Microsoft Windows NT Server 4.0 SP6a
-Microsoft Windows NT Workstation 4.0
-Microsoft Windows NT Workstation 4.0 SP1
-Microsoft Windows NT Workstation 4.0 SP2
-Microsoft Windows NT Workstation 4.0 SP3
-Microsoft Windows NT Workstation 4.0 SP4
-Microsoft Windows NT Workstation 4.0 SP5
-Microsoft Windows NT Workstation 4.0 SP6
-Microsoft Windows NT Workstation 4.0 SP6a
-Microsoft Windows XP Home
-Microsoft Windows XP Professional
Real Networks RealPlayer 8.0 Win32
-Microsoft Windows 2000 Professional
-Microsoft Windows 2000 Professional SP1
-Microsoft Windows 2000 Professional SP2
-Microsoft Windows 98
-Microsoft Windows 98 SP1
-Microsoft Windows 98SE
-Microsoft Windows ME
-Microsoft Windows NT 4.0 SP4
-Microsoft Windows NT 4.0 SP5
-Microsoft Windows NT 4.0 SP6a
-Microsoft Windows XP
-Microsoft Windows XP Home
-Microsoft Windows XP Professional
Real Networks RealPlayer 8.0 Unix
-Caldera OpenLinux Workstation 3.1
-Debian Linux 2.2 alpha
-Debian Linux 2.2 IA-32
-HP HP-UX 11.0
-HP HP-UX 11.11
-IBM AIX 4.2
-IBM AIX 4.2.1
-IBM AIX 4.3
-IBM AIX 4.3.1
-IBM AIX 4.3.2
-IBM AIX 4.3.3
-MandrakeSoft Linux Mandrake 7.2
-MandrakeSoft Linux Mandrake 8.0
-RedHat Linux 6.2 alpha
-RedHat Linux 6.2 i386
-RedHat Linux 6.2 sparc
-RedHat Linux 7.0 i386
-RedHat Linux 7.1 i386
-RedHat Linux 7.2 i386
-S.u.S.E. Linux 7.0 i386
-S.u.S.E. Linux 7.1
-S.u.S.E. Linux 7.1 x86
-S.u.S.E. Linux 7.2 i386
-SCO eDesktop 2.4
-SGI IRIX 6.3
-SGI IRIX 6.5.11
-SGI IRIX 6.5.11 f
-SGI IRIX 6.5.11 m
-SGI IRIX 6.5.12
-SGI IRIX 6.5.12 f
-SGI IRIX 6.5.12 m
-SGI IRIX 6.5.13
-SGI IRIX 6.5.13 f
-SGI IRIX 6.5.13 m
-SGI IRIX 6.5.14
-Slackware Linux 7.0
-Slackware Linux 7.1
-Slackware Linux 8.0
-Sun Solaris 2.6
-Sun Solaris 7.0
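Real Networks RealPlayer 8.0 Mac
Description:
RealPlayer contains a vulnerability in the way it decompresses PNG images that may lead to execution of attacker-specified code. To exploit it, an attacker may lure a user into viewing a maliciously crafted PNG image. When RealPlayer processes and displays the image, heap corruption occurs and certain important data structures in memory are overwritten with attacker-specified data.
Solution:
The vendor has released a patch that fixes this vulnerability: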
For RealOne Player and RealOne Player version 2, follow these steps:
1. Select Tools from the menu.
2. Click "Check for Update".
3. Check the box next to "Security Update - March 2003".
4. Click the Install button.
For RealPlayer 8, follow these steps:
1. Select Help from the menu.
2. Click "Check for Update".
3. Check the box next to "Security Update - March 2003".
4. Click the Install button.
Related information:
CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability
http://archives.neohapsis.com/archives/bugtraq/2003-03/0441.html