安全研究
安全漏洞
RealNetworks RealPlayer PNG远程堆破坏漏洞
发布日期:2003-03-28
更新日期:2003-04-02
受影响系统:
Real Networks RealPlayer 8.0 Win32描述:
Real Networks RealPlayer 8.0 Mac
Real Networks RealOne Player 9.0.0.297 for OS X
Real Networks RealOne Player 9.0.0.288 for OS X
Real Networks RealOne Player 6.0.11.853
Real Networks RealOne Player 6.0.11.841
Real Networks RealOne Player 6.0.11.830
Real Networks RealOne Player 6.0.11.818
Real Networks RealOne Player 2.0
Real Networks RealOne Enterprise Desktop 6.0.11.774
Real Networks RealPlayer 8.0 Unix
- Caldera OpenLinux Workstation 3.1
- Debian Linux 2.2
- HP HP-UX 11.11
- HP HP-UX 11.0
- IBM AIX 4.3.3
- IBM AIX 4.3.2
- IBM AIX 4.3.1
- IBM AIX 4.3
- IBM AIX 4.2.1
- IBM AIX 4.2
- Mandrake Linux 8.0
- Mandrake Linux 7.2
- RedHat Linux 7.2
- RedHat Linux 7.1
- RedHat Linux 7.0
- RedHat Linux 6.2
- SGI IRIX 6.5.14
- SGI IRIX 6.5.13m
- SGI IRIX 6.5.13f
- SGI IRIX 6.5.13
- SGI IRIX 6.5.12m
- SGI IRIX 6.5.12f
- SGI IRIX 6.5.12
- SGI IRIX 6.5.11m
- SGI IRIX 6.5.11f
- SGI IRIX 6.5.11
- SGI IRIX 6.3
- Slackware Linux 8.0
- Slackware Linux 7.1
- Slackware Linux 7.0
- Sun Solaris 7.0
- Sun Solaris 2.6
- SuSE Linux 7.2
- SuSE Linux 7.1
- SuSE Linux 7.0
Real Networks RealOne Player Gold for Windows 6.0.10.505
- Microsoft Windows XP Professional
- Microsoft Windows XP Home
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows ME
- Microsoft Windows 98 SE
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
BUGTRAQ ID: 7177
CVE(CAN) ID: CVE-2003-0141
RealPlayer是一款由RealNetworks公司提供的用于播放在线音频和视频的软件。程序可以包放多种媒体文件,包括处理PNG图形文件格式。
RealPlayer在处理PNG文件时存在漏洞,远程攻击者可以利用这个漏洞进行基于堆的破坏,可能以RealPlayer进程权限在系统上执行任意指令。
攻击者可以构建恶意PNG图象文件,诱使Realplayer用户解析,由于在渲染PNG图象文件时存在漏洞,可导致触发基于堆的破坏,可能以RealPlayer进程权限在系统上执行任意指令。
不过没有提供详细漏洞细节。
<*来源:Core Security Technologies
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=104887465427579&w=2
*>
建议:
厂商补丁:
Real Networks
-------------
RealOne Player,RealPlayer 8和RealOne Player version 2可以按照如下方法升级:
1、选择菜单'工具'项
2、选择"升级检查"
3、选择"Security Update - March 2003"框。
4、点击'安装'按钮。
OS X系统下的RealOne Player可以从如下地址获得升级补丁:
http://forms.real.com/real/realone/mac.html.
MacOS下的RealPlayer 8可从如下地址获得补丁:
Real Networks RealPlayer 8.0 Mac:
RealNetworks Patch RP8_Security_March03.sit.hqx
http://service.real.com/help/faq/security/03272003/RP8_Security_March03.sit.hqx
浏览次数:3637
严重程度:0(网友投票)
绿盟科技给您安全的保障