Windows : RealPlayer Skin File Remote Buffer Overflow

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.15789

Categoría: Windows

Título: RealPlayer Skin File Remote Buffer Overflow

Resumen: NOSUMMARY

Descripción: Description:

The remote host has RealPlayer installed. There is a flaw in the remote
version of this software which may allow an attacker to execute arbitrary
code on the remote host, with the privileges of the user running RealPlayer.

To do so, an attacker would need to send a corrupted skin file to
a remote user and have him open it using RealPlayer.

Solution : Upgrade to the newest version of this software

If you have uninstalled RealPlayer you may wish to delete
the old registry key at SOFTWARE\RealNetworks\RealPlayer.

Risk factor : High

Referencia Cruzada: BugTraq ID: 11555
Common Vulnerability Exposure (CVE) ID: CVE-2004-1094
http://www.securityfocus.com/bid/11555
Bugtraq: 20041027 EEYE: RealPlayer Zipped Skin File Buffer Overflow (Google Search)
http://archives.neohapsis.com/archives/fulldisclosure/2004-10/1044.html
Bugtraq: 20041027 High Risk Vulnerability in RealPlayer (Google Search)
http://marc.info/?l=bugtraq&m=109894226007607&w=2
Bugtraq: 20051223 dtSearch DUNZIP32.dll Buffer Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/420274/100/0/threaded
Bugtraq: 20060330 McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/429361/100/0/threaded
Bugtraq: 20060906 IBM Lotus Notes DUNZIP32.dll Buffer Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/445369/100/0/threaded
CERT/CC vulnerability note: VU#582498
http://www.kb.cert.org/vuls/id/582498
http://www.networksecurity.fi/advisories/dtsearch.html
http://www.networksecurity.fi/advisories/lotus-notes.html
http://www.networksecurity.fi/advisories/mcafee-virusscan.html
http://www.networksecurity.fi/advisories/multiledger.html
http://www.networksecurity.fi/advisories/payroll.html
http://www.securiteam.com/windowsntfocus/6Z00W00EAM.html
http://www.osvdb.org/19906
http://securitytracker.com/id?1011944
http://securitytracker.com/id?1012297
http://securitytracker.com/id?1016817
http://secunia.com/advisories/17096
http://secunia.com/advisories/17394
http://secunia.com/advisories/18194
http://secunia.com/advisories/19451
http://securityreason.com/securityalert/296
http://securityreason.com/securityalert/653
http://www.vupen.com/english/advisories/2005/2057
http://www.vupen.com/english/advisories/2006/1176
XForce ISS Database: payroll-dunzip32-bo(22737)
https://exchange.xforce.ibmcloud.com/vulnerabilities/22737
XForce ISS Database: realplayer-dunzip32-bo(17879)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17879

Copyright This script is Copyright (C) 2004 Tenable Network Security

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.15789
Categoría:	Windows
Título:	RealPlayer Skin File Remote Buffer Overflow
Resumen:	NOSUMMARY
Descripción:	Description: The remote host has RealPlayer installed. There is a flaw in the remote version of this software which may allow an attacker to execute arbitrary code on the remote host, with the privileges of the user running RealPlayer. To do so, an attacker would need to send a corrupted skin file to a remote user and have him open it using RealPlayer. Solution : Upgrade to the newest version of this software If you have uninstalled RealPlayer you may wish to delete the old registry key at SOFTWARE\RealNetworks\RealPlayer. Risk factor : High
Referencia Cruzada:	BugTraq ID: 11555 Common Vulnerability Exposure (CVE) ID: CVE-2004-1094 http://www.securityfocus.com/bid/11555 Bugtraq: 20041027 EEYE: RealPlayer Zipped Skin File Buffer Overflow (Google Search) http://archives.neohapsis.com/archives/fulldisclosure/2004-10/1044.html Bugtraq: 20041027 High Risk Vulnerability in RealPlayer (Google Search) http://marc.info/?l=bugtraq&m=109894226007607&w=2 Bugtraq: 20051223 dtSearch DUNZIP32.dll Buffer Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/420274/100/0/threaded Bugtraq: 20060330 McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/429361/100/0/threaded Bugtraq: 20060906 IBM Lotus Notes DUNZIP32.dll Buffer Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/445369/100/0/threaded CERT/CC vulnerability note: VU#582498 http://www.kb.cert.org/vuls/id/582498 http://www.networksecurity.fi/advisories/dtsearch.html http://www.networksecurity.fi/advisories/lotus-notes.html http://www.networksecurity.fi/advisories/mcafee-virusscan.html http://www.networksecurity.fi/advisories/multiledger.html http://www.networksecurity.fi/advisories/payroll.html http://www.securiteam.com/windowsntfocus/6Z00W00EAM.html http://www.osvdb.org/19906 http://securitytracker.com/id?1011944 http://securitytracker.com/id?1012297 http://securitytracker.com/id?1016817 http://secunia.com/advisories/17096 http://secunia.com/advisories/17394 http://secunia.com/advisories/18194 http://secunia.com/advisories/19451 http://securityreason.com/securityalert/296 http://securityreason.com/securityalert/653 http://www.vupen.com/english/advisories/2005/2057 http://www.vupen.com/english/advisories/2006/1176 XForce ISS Database: payroll-dunzip32-bo(22737) https://exchange.xforce.ibmcloud.com/vulnerabilities/22737 XForce ISS Database: realplayer-dunzip32-bo(17879) https://exchange.xforce.ibmcloud.com/vulnerabilities/17879
Copyright	This script is Copyright (C) 2004 Tenable Network Security