APP: RealPlayer SMIL File Handling Overflow
This signature detects attempts to exploit a known vulnerability in the RealNetworks RealPlayer media application. Attackers can create a malformed Synchronized Multimedia Integration Language (SMIL) file that, when downloaded by a user, is processed without user intervention. Attackers can execute arbitrary code with the privileges of the target user.
Extended Description
RealNetworks RealPlayer and RealOne Player are reported prone to a remote stack based buffer overflow vulnerability. The issue exists due to a lack of boundary checks performed by the application when parsing Synchronized Multimedia Integration Language (SMIL) files. A remote attacker may execute arbitrary code on a vulnerable computer to gain unauthorized access. This vulnerability is reported to exist in RealNetworks products for Microsoft Windows, Linux, and Apple Mac platforms.
Affected Products
Real_networks realone_player
Short Name
APP:REAL:PLAYER-SMIL-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
CVE-2005-0455 File Handling Overflow RealPlayer SMIL bid:12698
Release Date
03/04/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Red_hat
Real_networks
CVSS Score
5.1