APP: RealPlayer Malicious Metafile Download

This signature detects attempts to exploit a known vulnerability in RealJukebox. The attack involves the download of a malicious RealJukebox metafile (.rm) over HTTP. A successful exploit can allow the execution of arbitrary code on the affected system.

Extended Description

RealPlayer and RealOne Player are prone to a remote integer overflow vulnerability. The vulnerability is reported to exist in the 'pnen3260.dll' linked library of both RealPlayer and RealOne Player for Microsoft Windows, Linux, and Mac OS platforms. The 'pnen3260.dll' library is responsible for processing RealMedia '.rm' files. The overflow corrupts heap-based memory management structures. Ultimately this may permit an attacker to write to an arbitrary location in the memory of the active process and, in doing so, control execution flow. A remote attacker may therefore exploit this vulnerability to execute arbitrary attacker-supplied instructions in the context of a user who is running a vulnerable version of the software. This issue was originally described in BID 11273 (RealNetworks RealOne Player And RealPlayer Remote Vulnerabilities) and is now being assigned its own BID.

Affected Products

Real_networks realone_player

Short Name
APP:REAL:PLAYER-MAL-META-FILE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
CVE-2004-1481 Download Malicious Metafile RealPlayer bid:11309
Release Date
11/03/2004
Supported Platforms

srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Real_networks

CVSS Score

5.1
