CVE-2004-0258
CVSS7.6
发布时间 :2004-11-23 00:00:00
修订时间 :2016-10-17 22:42:35
NMCOS    

[原文]Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files.


[CNNVD]RealPlayer/RealOne Player支持文件类型多个缓冲区溢出漏洞(CNNVD-200411-076)

        
        RealPlayer & RealOne Player是多媒体播放器软件。
        RealPlayer & RealOne Player在处理各种支持的文件类型时缺少充分边界检查,远程攻击者可以利用这个漏洞构建恶意文件,诱使用户访问,触发缓冲区溢出。
        通过特殊构建.RP、 .RT、 .RAM、 .RPM & .SMIL文件,可能导致RealPlayer / RealOne Player产生基于堆和栈的缓冲区溢出,通过诱使用户访问包含这些文件的WEB页,可以登录用户权限在系统上执行任意指令。目前没有详细漏洞细节。
        

- CVSS (基础分值)

CVSS分值: 7.6 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:realnetworks:realone_enterprise_desktop:6.0.11.774
cpe:/a:realnetworks:realone_player:2.0::win
cpe:/a:realnetworks:realone_player:6.0.11.830
cpe:/a:realnetworks:realone_player:6.0.11.841
cpe:/a:realnetworks:realone_player:6.0.11.868
cpe:/a:realnetworks:realone_player:6.0.11.853
cpe:/a:realnetworks:realplayer:8.0::win32
cpe:/a:realnetworks:realplayer:8.0::unix
cpe:/a:realnetworks:realone_player:1.0
cpe:/a:realnetworks:realone_desktop_manager
cpe:/a:realnetworks:realplayer:8.0::mac_os
cpe:/a:realnetworks:realone_player:2.0
cpe:/a:realnetworks:realplayer:10.0_beta
cpe:/a:realnetworks:realone_player:6.0.11.818

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0258
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0258
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200411-076
(官方数据源) CNNVD

- 其它链接及资源

http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0027.html
(UNKNOWN)  VULNWATCH  20040204 [VulnWatch] Multiple File Format Vulnerabilities (Overruns) in REALOne & RealPlayer
http://marc.info/?l=bugtraq&m=107608748813559&w=2
(UNKNOWN)  BUGTRAQ  20040204 Multiple File Format Vulnerabilities (Overruns) in REALOne & RealPlayer
http://www.ciac.org/ciac/bulletins/o-075.shtml
(UNKNOWN)  CIAC  O-075
http://www.kb.cert.org/vuls/id/473814
(VENDOR_ADVISORY)  CERT-VN  VU#473814
http://www.nextgenss.com/advisories/realone.txt
(UNKNOWN)  MISC  http://www.nextgenss.com/advisories/realone.txt
http://www.securityfocus.com/bid/9579
(VENDOR_ADVISORY)  BID  9579
http://www.service.real.com/help/faq/security/040123_player/EN/
(UNKNOWN)  CONFIRM  http://www.service.real.com/help/faq/security/040123_player/EN/
http://xforce.iss.net/xforce/xfdb/15040
(VENDOR_ADVISORY)  XF  realoneplayer-multiple-file-bo(15040)

- 漏洞信息

RealPlayer/RealOne Player支持文件类型多个缓冲区溢出漏洞
高危 边界条件错误
2004-11-23 00:00:00 2006-01-05 00:00:00
远程  
        
        RealPlayer & RealOne Player是多媒体播放器软件。
        RealPlayer & RealOne Player在处理各种支持的文件类型时缺少充分边界检查,远程攻击者可以利用这个漏洞构建恶意文件,诱使用户访问,触发缓冲区溢出。
        通过特殊构建.RP、 .RT、 .RAM、 .RPM & .SMIL文件,可能导致RealPlayer / RealOne Player产生基于堆和栈的缓冲区溢出,通过诱使用户访问包含这些文件的WEB页,可以登录用户权限在系统上执行任意指令。目前没有详细漏洞细节。
        

- 公告与补丁

        厂商补丁:
        Real Networks
        -------------
        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
        
        http://service.real.com/helix/

        Windows Players:
        RealOne Player和RealOne Player v2(所有语言)可以通过如下步骤更新:
        1、在工具菜单中选择Update。
        2、选择对话框的Next到"RealOne Player"组件。
        3、点击安装按钮下载和安装升级。
        RealOne企业级产品:
        RealOne Desktop Manager:
        
        http://licensekey.realnetworks.com/rnforms/products/tools/rdm/index.html

        RealOne Enterprise Desktop:
        
        http://forms.real.com/rnforms/products/tools/red/index.html

- 漏洞信息

3827
RealOne/RealPlayer RMP Code Execution
Local Access Required, Remote / Network Access Authentication Management, Input Manipulation
Loss of Integrity, Loss of Availability
Exploit Unknown

- 漏洞描述

A possibly remote overflow exists in mediaplayer software from Real Networks. The mediaplayer software fails to validate mediafiles downloaded before playing them resulting in heap and stack based overflows. With a specially crafted file, an attacker can cause arbitrary code to be executed resulting in a loss of confidentiality, integrity, and/or availability.

- 时间线

2004-02-04 Unknow
Unknow Unknow

- 解决方案

Use the built-in function to check for updates to upgrade to a newer version, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Multiple RealPlayer/RealOne Player Supported File Type Buffer Overrun Vulnerabilities
Boundary Condition Error 9579
Yes No
2004-02-04 12:00:00 2009-07-12 02:06:00
The disclosure of these issues has been credited to Mark Litchfield.

- 受影响的程序版本

Real Networks RealPlayer 10.0 BETA
Real Networks RealPlayer 8.0 Win32
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98 SP1
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Real Networks RealPlayer 8.0 Unix
- Caldera OpenLinux Workstation 3.1
- Debian Linux 2.2 IA-32
- Debian Linux 2.2 alpha
- HP HP-UX 11.11
- HP HP-UX 11.0
- IBM AIX 4.3.3
- IBM AIX 4.3.2
- IBM AIX 4.3.1
- IBM AIX 4.3
- IBM AIX 4.2.1
- IBM AIX 4.2
- Mandriva Linux Mandrake 8.0
- Mandriva Linux Mandrake 7.2
- RedHat Linux 7.2 i386
- RedHat Linux 7.1 i386
- RedHat Linux 7.0 i386
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 alpha
+ S.u.S.E. Linux 8.1
- S.u.S.E. Linux 7.2 i386
- S.u.S.E. Linux 7.1 x86
- S.u.S.E. Linux 7.1
- S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux Desktop 1.0
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 8.2
- SCO eDesktop 2.4
- SGI IRIX 6.5.14
- SGI IRIX 6.5.13 m
- SGI IRIX 6.5.13 f
- SGI IRIX 6.5.13
- SGI IRIX 6.5.12 m
- SGI IRIX 6.5.12 f
- SGI IRIX 6.5.12
- SGI IRIX 6.5.11 m
- SGI IRIX 6.5.11 f
- SGI IRIX 6.5.11
- SGI IRIX 6.3
- Slackware Linux 8.0
- Slackware Linux 7.1
- Slackware Linux 7.0
- Sun Solaris 7.0
- Sun Solaris 2.6
Real Networks RealPlayer 8.0 Mac
Real Networks RealOne Player version 2.0 for Windows
Real Networks RealOne Player 6.0.11 .868
Real Networks RealOne Player 6.0.11 .853
Real Networks RealOne Player 6.0.11 .841
Real Networks RealOne Player 6.0.11 .830
Real Networks RealOne Player 6.0.11 .818
Real Networks RealOne Player 2.0
Real Networks RealOne Player 1.0
Real Networks RealOne Enterprise Desktop 6.0.11 .774
Real Networks RealOne Desktop Manager
Real Networks RealPlayer 10.0 v6.0.12.690
Real Networks RealOne Player 6.0.11 .872

- 不受影响的程序版本

Real Networks RealPlayer 10.0 v6.0.12.690
Real Networks RealOne Player 6.0.11 .872

- 漏洞讨论

It has been reported that various RealPlayer/RealOne Player releases are prone to multiple exploitable stack and heap overrun vulnerabilities. This is due to insufficient bounds checking when handling malformed files of various supported file types. Exploitation would permit execution of arbitrary code in the context of the user invoking the vulnerable player.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

The vendor has issued fixed to address these and other vulnerabilities. Users are advised to contact RealNetworks Customer Support to obtain fixes:

http://service.real.com/helix/

Users may also obtain fixed directly through the product interface.

For RealOne Player, RealOne Player v2 and RealPlayer 10 Beta the following actions can be carried out to obtain fixes:

1. In the Tools menu select Check for Update.
2. Select the box next to the "RealPlayer 10" (English) or "RealOne Player" (localized) component.
3. Click the Install button to download and install the update.

For RealPlayer 8 (version 6.0.9.584) the following actions can be carried out to obtain fixes:

1. Go to the Help menu.
2. Select "Check for Update".
3. Select the box next to the "RealPlayer 10" (English) or "RealOne Player" (localized) component.
4. Click the Install button to download and install the update

Real Networks has also released RealPlayer 10 version 6.0.12.690 and RealOne Player 6.0.11.872 that address this issue. Please see the vendor homepage, listed in the reference section, for details on obtaining the updates.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站