RealNetworks Helix Player and RealPlayer Unescape Multiple Buffer Overflow Vulnerabilities

Vulnerability ID: 1113240 Vulnerability type: Buffer overflow
Published: 2007-07-03 Updated: 2007-07-03
CVE ID: CVE-2010-0416 CNNVD-ID: CNNVD-201002-187
Platform: Linux CVSS score: 7.5
|Vulnerability sources
https://www.exploit-db.com/exploits/33620
https://www.securityfocus.com/bid/38161
https://cxsecurity.com/issue/WLB-2010020183
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201002-187
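|Vulnerability details
RealNetworks RealPlayer and Helix Player are popular media player applications. The Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player and RealPlayer has a buffer overflow vulnerability. A remote attacker can cause a denial of service (application crash) or execute arbitrary code via a URL that contains a % character not followed by two hexadecimal digits.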
|Exploit
source: http://www.securityfocus.com/bid/38161/info

Helix Player is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Successful exploits may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions. 


The following example URI is available:

http://AAA.BBB.CCC.DDD:EEEE/%.20000000s%
|Affected products
Redhat Enterprise Linux WS 4
Redhat Enterprise Linux ES 4
Redhat Enterprise Linux AS 4
Redhat Enterprise Linux Desktop version 4
RealNetworks Helix Player for Linux 11.0.2
|References

Source: helixcommunity.org
Link: https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1
Source: bugzilla.redhat.com
Link: https://bugzilla.redhat.com/show_bug.cgi?id=561856
Source: REDHAT
Name: RHSA-2010:0094
Link: http://www.redhat.com/support/errata/RHSA-2010-0094.html
Source: MLIST
Name: [common-cvs]20070703utilhxurl.cpp,1.24.4.1,1.24.4.1.4.1
Link: http://lists.helixcommunity.org/pipermail/common-cvs/2007-July/014956.html