CVE-2005-2922

Description

Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header.

Affected products

RealNetworks / helix_player10.0 – 10.0
RealNetworks / helix_player10.0.1 – 10.0.1
RealNetworks / helix_player10.0.2 – 10.0.2
RealNetworks / helix_player10.0.3 – 10.0.3
RealNetworks / helix_player10.0.4 – 10.0.4
RealNetworks / helix_player10.0.5 – 10.0.5
RealNetworks / helix_player10.0.6 – 10.0.6
RealNetworks / realone_player
RealNetworks / realone_player0.288 – 0.288
RealNetworks / realone_player0.297 – 0.297
RealNetworks / realone_player1.0 – 1.0
RealNetworks / realone_player2.0 – 2.0
RealNetworks / realplayer
RealNetworks / realplayer8.0 – 8.0
RealNetworks / realplayer10.0 – 10.0
RealNetworks / realplayer10.0.0.305 – 10.0.0.305
RealNetworks / realplayer10.0.0.331 – 10.0.0.331
RealNetworks / realplayer10.0.1 – 10.0.1
RealNetworks / realplayer10.0.2 – 10.0.2
RealNetworks / realplayer10.0.3 – 10.0.3
RealNetworks / realplayer10.0.4 – 10.0.4
RealNetworks / realplayer10.0.5 – 10.0.5
RealNetworks / realplayer10.0.6 – 10.0.6
RealNetworks / realplayer10.5 – 10.5
RealNetworks / realplayer10.5_6.0.12.1040 – 10.5_6.0.12.1040
RealNetworks / realplayer10.5_6.0.12.1053 – 10.5_6.0.12.1053
RealNetworks / realplayer10.5_6.0.12.1056 – 10.5_6.0.12.1056
RealNetworks / realplayer10.5_6.0.12.1059 – 10.5_6.0.12.1059
RealNetworks / realplayer10.5_6.0.12.1069 – 10.5_6.0.12.1069
RealNetworks / realplayer10.5_6.0.12.1235 – 10.5_6.0.12.1235
RealNetworks / rhapsody3.0 – 3.0
RealNetworks / rhapsody3.0_build_0.815 – 3.0_build_0.815

Description

Affected products

References