[helix-maintainers] Bug#316276: Still interested?

Florian Weimer fw at deneb.enyo.de
Mon Sep 19 18:29:11 UTC 2005


* Daniel Baumann:

> Florian Weimer wrote:
>> could you provide details why you tagged this bug "security", please?
>
> Of course..
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1766
>
> Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5
> (6.0.12.1040 through 1069), RealOne Player v1 and v2, RealPlayer 8 and
> RealPlayer Enterprise allows remote attackers to execute arbitrary code
> via an .avi file with a modified strf structure value.

Ah, I see, thanks a lot.  I've added this information to our tracker.
We missed it before because the CVE entry talks about RealPlayer only,
and we still have to adjust to the existence of Helix Player. 8-)




