RealPlayer Unspecified Flaw Lets Remote Users Execute Arbitrary Code

[Spyder32]

From Zone H.org:

08/13/2004

Date: Aug 12 2004

Impact: Execution of arbitrary code via network, User access via network

Advisory: eEye Digital Security

Description: A vulnerability was reported in RealPlayer. A remote user can execute arbitrary code.

eEye Digital Security reported that a remote user can cause arbitrary code to be executed on the target user's system with the privileges of the target user. The specific nature of the vulnerability was not reported.

Default installations are affected, the report said.

The vendor was notified on August 9, 2004.

The original notice is available at:

http://www.eeye.com/html/research/up.../20040811.html

Impact: A remote user can execute arbitrary code on the target system with the privileges of the target user.

Solution: No solution was available at the time of this entry.

Vendor URL: www.real.com/

Cause: Not specified

And here's some more information.

[foxyloxley]

Oh that's just great..........
I get ONE piece of S/W I can really work with, and it gets this...........

As an aside. Is there any way of knowing how long they take to sort out, and release the update ?

And is the S/W at risk if you have your security set up running ? As opposed to Joe Public, who wouldn't know security if it bit them on the ass..........

[Spyder32]

The update I'm not too sure about nor really that last question. However, I don't think it's really at-risk that much if you have your security setup running. Like you said, opposed to Joe Public (my name's Joe, but not Public ) who wouldn't have security and would probably have the flaw and the risk at a higher level.