9 lines
No EOL
821 B
Text
9 lines
No EOL
821 B
Text
source: http://www.securityfocus.com/bid/1088/info
|
|
|
|
Unchecked buffer code exists in the 'location' field of Real Networks RealPlayer versions 6.0 and 7.0. Requesting a URL containing a string consisting of 300 or more characters would cause the application to crash and would require a restart in order to regain normal functionality. Arbitrary code can potentially be executed through this vulnerability.
|
|
|
|
This vulnerability may be exploited remotely if such a URL were embedded in a HTML file with the command 'autostart' set as 'true'. Both RealPlayer and the accompanying browser would crash in this case and require to be restarted to regain functionality.
|
|
|
|
So far only the Windows versions of the Real Player have been proven to be vulnerable in this manner.
|
|
|
|
http://<string containing over 300 characters> |