[helix-maintainers] Bug#358754: [CVE-2005-2922] Invalid chunk size heap overflow vulnerability

Fri Mar 24 10:20:50 UTC 2006

Package: helix-player
Version: 1.0.6-3
Severity: grave
Tags: security

A new vulnerability in helix-player has been disclosed.

From: labs-no-reply <labs-no-reply at idefense.com>
Subject: [VulnWatch] iDefense Security Advisory 03.23.06: RealNetworks RealPlayer and
 Helix Player Invalid Chunk Size Heap Overflow Vulnerability
To: bugtraq at securityfocus.com, vulnwatch at vulnwatch.org,
	full-disclosure at lists.grok.org.uk
Date: Thu, 23 Mar 2006 17:57:49 -0500
Message-ID: <442327ED.4050605 at idefense.com>

RealNetworks RealPlayer and Helix Player Invalid Chunk Size Heap
Overflow Vulnerability

iDefense Security Advisory 03.23.06
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404
March 23, 2006

I. BACKGROUND

RealPlayer is an application for playing various media formats,
developed by RealNetworks Inc. For more information, visit
http://www.real.com/.

II. DESCRIPTION

Remote exploitation of a heap-based buffer overflow in RealNetwork Inc's
RealPlayer could allow the execution of arbitrary code in the context of
the currently logged in user.

[...]