RealPlayer.SWF.Parsing.Heap.Overflow

Release Date

Feb 02, 2007

Severity

low

Impact

This issue can result in memory corruption and facilitate arbitrary code execution. A successful attack can allow remote attackers to execute arbitrary code in the context of the application to gain unauthorized access.

Description

Buffer overflow in swfformat.dll in multiple RealNetworks products and versions, including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player, allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.

Affected Products

Real_Realplayer_10
Real_Realplayer_8.0
Real_RealOne_1.0
Real_RealOne_2.0

Recommended Actions

Refer to the RealNetworks Customer Support - Real Security Updates Web page for upgrade information. See References.

For Red Hat Linux:
Refer to Red Hat Linux Security Advisory RHSA-2006:0257-9 for patch, upgrade, or suggested workaround information. See References.

For Gentoo Linux:
Refer to Gentoo Linux Security Announcement GLSA 2006-03-24 for patch, upgrade, or suggested workaround information. See References.

For SUSE Linux:
Refer to SUSE Security Announcement SUSE-SA:2006:018 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2006-0323

Reference/s

http://www.securityfocus.com/bid/17202 (BugTraq)

Reference: VID-13995