Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Possible New Zero-Day Exploit for Realplayer

Published: 2005-09-27
Last Updated: 2005-09-27 18:16:19 UTC
by Lorna Hutcheson (Version: 2)
0 comment(s)
FrSIRT is reporting a zero day exploit against client side Realplayer and Helix Player.  This exploit takes advantage of a format string error which can be exploit by using specially crafted ".rp" (relpix) or ".rt" (realtext) files.  The affected versions are

Helix Player 1.0.5 Gold and prior (Linux)
RealPlayer 10.0.5 Gold and prior (Linux)

There is no known fix at this time. has not posted information on this yet. 

Blake Hartstein from posted the following to Bleeding-Snort yesterday which should provide
coverage for this issue:

(msg:"BLEEDING-EDGE RealPlayer/Helix Player Format String Exploit";
flow:established,from_server; content:"
reference:url,; reference:bugtraq,14945;
sid:2002381; rev:1;)
Stay tuned for further updates as we have them.  .

0 comment(s)
Diary Archives