DescriptionHeap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header.
Overall state of this security issue: Resolved
This issue is currently rated as having critical severity.
|National Vulnerability Database|
- SUSE-SA:2006:018, published Thu, 23 Mar 2006 12:00:00 +0000
List of released packages
|Product(s)||Fixed package version(s)||References|
|Novell Linux Desktop 9 for x86 |
Novell Linux Desktop 9 for x86_64
YOU Patch Nr: 10916
|SUSE LINUX 10.0 |
SUSE LINUX 9.2
SUSE LINUX 9.3