realplayer
Page content
- Author: voroskoi
- Vulnerable: 10.0.8.805_20060718-1
- Unaffected: 10.0.9.809_20070726-1terminus1
A vulnerability has been reported in RealPlayer and Helix Player, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to a boundary error in the wallclock functionality in “SmilTimeValue::parseWallClockValue()” when handling time formats. This can be exploited to cause a stack-based buffer overflow via an SMIL file with an overly long, specially-crafted time string. Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website.
- Bug Tracker URL: http://bugs.frugalware.org/task/2220