Vulnerability Note VU#361181
Helix Player format string vulnerability
Helix Player, and media players based on the Helix Player, contain a format string vulnerability that may allow a remote attacker to execute arbitrary code on a vulnerable system.
Helix Player is used to play various types of media files on UNIX systems. The Helix Media Player contains a format string vulnerability in the routines that handle media files. A remote attacker can exploit this vulnerability by persuading a user to access a specially crafted media file, such as a realpix (*.rp) or realtext (*.rt) file. In addition, web browsers can be configured to automatically launch the Helix Player when media content is encountered, thus an attack may be triggered by visiting a malicious website.
This issue also affects media players based on the Helix Player, including Real Player for Linux systems. Note there is publicly available exploit code for this vulnerability.
A remote attacker may be able to execute arbitrary code with the privileges of the Helix Media Player process.
Do not access media files from untrusted sources
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Debian Linux||Affected||-||30 Sep 2005|
|RealNetworks, Inc.||Affected||-||30 Sep 2005|
|Red Hat, Inc.||Affected||-||29 Sep 2005|
CVSS Metrics (Learn More)
This vulnerability was reported by c0ntexb.
This document was written by Jeff Gennari.
- CVE IDs: CAN-2005-2710
- Date Public: 26 Sep 2005
- Date First Published: 28 Sep 2005
- Date Last Updated: 04 Oct 2005
- Severity Metric: 12.58
- Document Revision: 52
If you have feedback, comments, or additional information about this vulnerability, please send us email.