Vulnerability Note VU#172489
RealNetworks products fail to properly handle chunked data
Numerous RealNetworks products do not properly handle chunked data. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system.
RealNetworks RealPlayer is a multimedia application that allows users to view local and remote audio/video content.
By convincing a user to open RealPlayer file hosted on a malicious server, a remote unauthenticated attacker can execute arbitrary code.
Apply the patches supplied in the RealNetwork Security Update for March 2006.
Disable RealPlayer in your web browser
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|RealNetworks, Inc.||Affected||-||05 Apr 2006|
|Red Hat, Inc.||Affected||-||17 May 2006|
CVSS Metrics (Learn More)
This vulnerability was reported by iDEFENSE Labs.
This document was written by Jeff Gennari.
- CVE IDs: CVE-2005-2922
- Date Public: 23 Mar 2006
- Date First Published: 05 Apr 2006
- Date Last Updated: 17 May 2006
- Severity Metric: 20.20
- Document Revision: 32
If you have feedback, comments, or additional information about this vulnerability, please send us email.