Rule:

--
Sid:
3822

--
Summary:
This event is generated when an attempt is made to exploit a
buffer overflow associated with RealPlayer handling of a version
error associated with a RealText (.rt) file.

--
Impact:
A successful attack can cause a buffer overflow of the client
host and the subsequent execution of arbitrary code at the
privilege of the current user.

--
Detailed Information:
The RealPlayer media player uses RealText to support
streaming text documents.  A vulnerability exists in
the way RealPlayer handles a malformed request for a .rt
file that contains an incorrect RealText version number.
If an overly long .rt filename is requested and an
incorrect RealText version is specified, a buffer allocated
to handle error conditions can be overflowed.  This
may permit the execution of arbitrary code

--
Affected Systems:
	RealNetworks RealPlayer 8, 10, 10.5
	RealNetworks RealPlayer Enterprise
	RealNetworks RealOne Player v1, v2
	RealNetworks Helix Player 1.0.4 and prior

--
Attack Scenarios:
An attacker can entice a user to download and play a RealText
file with a long name and return a RealText version error,
causing a buffer overflow on a vulnerable client.

--
Ease of Attack:
Moderately difficult.

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:
Upgrade to the most current non-affected version of the product.

--
Contributors:
Sourcefire Vulnerability Research Team
Brian Caswell<bmc@sourcefire.com>
Judy Novak <judy.novak@sourcefire.com>

--
Additional References

Other:
http://www.idefense.com/application/poi/display?id=250&type=vulnerabilities

--
