blob: 3d658cfaff254f0a0babb0ae709da4ea8f3d5289 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200603-24">
<title>RealPlayer: Buffer overflow vulnerability</title>
RealPlayer is vulnerable to a buffer overflow that could lead to remote
execution of arbitrary code.
<product type="ebuild">RealPlayer</product>
<announced>March 26, 2006</announced>
<revised>March 26, 2006: 01</revised>
<package name="media-video/realplayer" auto="yes" arch="*">
<unaffected range="ge">10.0.7</unaffected>
<vulnerable range="lt">10.0.7</vulnerable>
RealPlayer is a multimedia player capable of handling multiple
multimedia file formats.
RealPlayer is vulnerable to a buffer overflow when processing
malicious SWF files.
<impact type="normal">
By enticing a user to open a specially crafted SWF file an
attacker could execute arbitrary code with the permissions of the user
running the application.
There is no known workaround at this time.
All RealPlayer users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=media-video/realplayer-10.0.7&quot;</code>
<uri link="">CVE-2006-0323</uri>
<uri link="">RealNetworks Advisory</uri>
<metadata tag="requester" timestamp="Thu, 23 Mar 2006 23:38:12 +0000">
<metadata tag="submitter" timestamp="Fri, 24 Mar 2006 13:36:18 +0000">
<metadata tag="bugReady" timestamp="Sun, 26 Mar 2006 17:28:15 +0000">