CVE-2003-0141
CVSS5.1
发布时间 :2003-04-02 00:00:00
修订时间 :2016-10-17 22:30:03
NMCOS    

[原文]The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length.


[CNNVD]RealNetworks RealPlayer PNG远程堆破坏漏洞(CNNVD-200304-050)

        
        RealPlayer是一款由RealNetworks公司提供的用于播放在线音频和视频的软件。程序可以包放多种媒体文件,包括处理PNG图形文件格式。
        RealPlayer在处理PNG文件时存在漏洞,远程攻击者可以利用这个漏洞进行基于堆的破坏,可能以RealPlayer进程权限在系统上执行任意指令。
        攻击者可以构建恶意PNG图象文件,诱使Realplayer用户解析,由于在渲染PNG图象文件时存在漏洞,可导致触发基于堆的破坏,可能以RealPlayer进程权限在系统上执行任意指令。
        不过没有提供详细漏洞细节。
        

- CVSS (基础分值)

CVSS分值: 5.1 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:realnetworks:realone_enterprise_desktop:6.0.11.774
cpe:/a:realnetworks:realone_player:6.0.11.830
cpe:/a:realnetworks:realone_player:6.0.11.841
cpe:/a:realnetworks:realone_player:2.0
cpe:/a:realnetworks:realone_player:9.0.0.297
cpe:/a:realnetworks:realone_player:6.0.11.853
cpe:/a:realnetworks:realplayer:8.0
cpe:/a:realnetworks:realone_player:6.0.10.505:gold
cpe:/a:realnetworks:realone_player:6.0.11.818
cpe:/a:realnetworks:realone_player:9.0.0.288

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0141
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0141
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200304-050
(官方数据源) CNNVD

- 其它链接及资源

http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0156.html
(UNKNOWN)  VULNWATCH  20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability
http://marc.info/?l=bugtraq&m=104887465427579&w=2
(UNKNOWN)  BUGTRAQ  20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability
http://www.coresecurity.com/common/showdoc.php?idx=311&idxseccion=10
(VENDOR_ADVISORY)  MISC  http://www.coresecurity.com/common/showdoc.php?idx=311&idxseccion=10
http://www.kb.cert.org/vuls/id/705761
(VENDOR_ADVISORY)  CERT-VN  VU#705761
http://www.securityfocus.com/bid/7177
(VENDOR_ADVISORY)  BID  7177

- 漏洞信息

RealNetworks RealPlayer PNG远程堆破坏漏洞
中危 边界条件错误
2003-04-02 00:00:00 2006-01-05 00:00:00
远程※本地  
        
        RealPlayer是一款由RealNetworks公司提供的用于播放在线音频和视频的软件。程序可以包放多种媒体文件,包括处理PNG图形文件格式。
        RealPlayer在处理PNG文件时存在漏洞,远程攻击者可以利用这个漏洞进行基于堆的破坏,可能以RealPlayer进程权限在系统上执行任意指令。
        攻击者可以构建恶意PNG图象文件,诱使Realplayer用户解析,由于在渲染PNG图象文件时存在漏洞,可导致触发基于堆的破坏,可能以RealPlayer进程权限在系统上执行任意指令。
        不过没有提供详细漏洞细节。
        

- 公告与补丁

        厂商补丁:
        Real Networks
        -------------
        RealOne Player,RealPlayer 8和RealOne Player version 2可以按照如下方法升级:
        1、选择菜单'工具'项
        2、选择"升级检查"
        3、选择"Security Update - March 2003"框。
        4、点击'安装'按钮。
        OS X系统下的RealOne Player可以从如下地址获得升级补丁:
        
        http://forms.real.com/real/realone/mac.html.

        MacOS下的RealPlayer 8可从如下地址获得补丁:
        Real Networks RealPlayer 8.0 Mac:
        RealNetworks Patch RP8_Security_March03.sit.hqx
        
        http://service.real.com/help/faq/security/03272003/RP8_Security_March03.sit.hqx

- 漏洞信息

11768
RealOne/RealPlayer PNG Deflate Algorithm Heap Corruption Arbitrary Code Execution
Input Manipulation
Loss of Integrity

- 漏洞描述

- 时间线

2003-03-28 Unknow
Unknow Unknow

- 解决方案

Products

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

RealNetworks RealPlayer PNG Deflate Heap Corruption Vulnerability
Boundary Condition Error 7177
Yes Yes
2003-03-28 12:00:00 2009-07-11 09:06:00
Discovery is credited to Juliano Rizzo, Agustin Azubel Friedman, Bruno Acselrad and Carlos Sarraute from Core Security Technologies.

- 受影响的程序版本

Real Networks RealPlayer 8.0 Win32
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98 SP1
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Real Networks RealPlayer 8.0 Unix
- Caldera OpenLinux Workstation 3.1
- Debian Linux 2.2 IA-32
- Debian Linux 2.2 alpha
- HP HP-UX 11.11
- HP HP-UX 11.0
- IBM AIX 4.3.3
- IBM AIX 4.3.2
- IBM AIX 4.3.1
- IBM AIX 4.3
- IBM AIX 4.2.1
- IBM AIX 4.2
- Mandriva Linux Mandrake 8.0
- Mandriva Linux Mandrake 7.2
- RedHat Linux 7.2 i386
- RedHat Linux 7.1 i386
- RedHat Linux 7.0 i386
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 alpha
+ S.u.S.E. Linux 8.1
- S.u.S.E. Linux 7.2 i386
- S.u.S.E. Linux 7.1 x86
- S.u.S.E. Linux 7.1
- S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux Desktop 1.0
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 8.2
- SCO eDesktop 2.4
- SGI IRIX 6.5.14
- SGI IRIX 6.5.13 m
- SGI IRIX 6.5.13 f
- SGI IRIX 6.5.13
- SGI IRIX 6.5.12 m
- SGI IRIX 6.5.12 f
- SGI IRIX 6.5.12
- SGI IRIX 6.5.11 m
- SGI IRIX 6.5.11 f
- SGI IRIX 6.5.11
- SGI IRIX 6.3
- Slackware Linux 8.0
- Slackware Linux 7.1
- Slackware Linux 7.0
- Sun Solaris 7.0
- Sun Solaris 2.6
Real Networks RealPlayer 8.0 Mac
Real Networks RealOne Player Gold for Windows 6.0.10 .505
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 95 SR2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Real Networks RealOne Player for OSX 9.0 .297
Real Networks RealOne Player for OSX 9.0 .288
Real Networks RealOne Player 6.0.11 .853
Real Networks RealOne Player 6.0.11 .841
Real Networks RealOne Player 6.0.11 .830
Real Networks RealOne Player 6.0.11 .818
Real Networks RealOne Player 2.0
Real Networks RealOne Player
Real Networks RealOne Enterprise Desktop 6.0.11 .774

- 漏洞讨论

A heap corruption vulnerability has been reported for RealPlayer that may result in the execution of attacker-supplied code.

The vulnerability is related to the way RealPlayer handles PNG image files. Specifically, the vulnerability occurs when RealPlayer attempts to decompress PNG image files.

An attacker can exploit this vulnerability by tricking a user into viewing a maliciously constructed PNG image file. When the image file is rendered by the RealPlayer, it will trigger the heap corruption condition and overwrite critical areas in memory with attacker-supplied values.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

RealNetworks has released fixes for this issue.

For RealOne Player and RealOne Player version 2, follow these steps:
1. Select Tools from the menu.
2. Click "Check for Update".
3. Check the box next to "Security Update - March 2003".
4. Click the Install button.

For RealPlayer 8, follow these steps:
1. Select Help from the menu.
2. Click "Check for Update".
3. Check the box next to "Security Update - March 2003".
4. Click the Install button.

RealOne Player for OS X users are advised to download an updated RealOne Player from http://forms.real.com/real/realone/mac.html.

A fix for RealOne Desktop Manager and RealOne Enterprise Desktop is forthcoming.

Users of other versions of RealPlayer and RealOne Player are advised to upgrade to the newest version of RealOne Player, then follow the steps above.

RealPlayer 8 for MacOS users should download the fix below, then follow these steps:
1. Decompress the RP8_Security_March03.sit.hqx archive using Stuffit Expander.
2. Close RealPlayer if it is running.
3. Copy the following update files from the archive to the System Folder:Application Support:Real:Plugins folder:
pxpf60.dll
pxpr60.dll
pxgr60.dll
pxcpng60.dll
httpfsys60.dll
swfrend60.dll


Real Networks RealPlayer 8.0 Mac

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站