DescriptionHeap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header.
Overall state of this security issue: Resolved
This issue is currently rated as having critical severity.
|National Vulnerability Database|
SUSE Security Advisories:
- SUSE-SA:2006:018, published Thu, 23 Mar 2006 12:00:00 +0000
SUSE Timeline for this CVECVE page created: Fri Jun 28 01:55:35 2013
CVE page last modified: Fri Oct 7 12:45:31 2022