Dave, this isn't the toy you were playing with, back when, is it?

[Richard Thieme <rthieme () thiemeworks com>]

one night or for several nights in fact, a few months ago, you were a little obsessed with something like this, if I 
remember correctly. wasn't this one, was it?

Richard 



> X-HDC-Mailer: Hosting.com
> X-HDC-Tracker: Thu, 23 Jun 2005 16:33:30 -0400 (EDT)|<rthieme () thiemeworks 
> com>|bugtraq-return-20077-rthieme=thiemeworks.com () securityfocus 
> com|outgoing.securityfocus.com|ss063.sdf.hosting.com|j5NKXUFN018340
> X-HDC-Abuse: abuse () hosting com
> Mailing-List: contact bugtraq-help () securityfocus com; run by ezmlm
> List-Id: <bugtraq.list-id.securityfocus.com>
> List-Post: <mailto:bugtraq () securityfocus com>
> List-Help: <mailto:bugtraq-help () securityfocus com>
> List-Unsubscribe: <mailto:bugtraq-unsubscribe () securityfocus com>
> List-Subscribe: <mailto:bugtraq-subscribe () securityfocus com>
> Delivered-To: mailing list bugtraq () securityfocus com
> Delivered-To: moderator for bugtraq () securityfocus com
> Subject: eEye Advisory - EEYEB-200505 - RealPlayer AVI Processing Overflow
> Date: Thu, 23 Jun 2005 11:46:17 -0700
> X-MS-Has-Attach: 
> X-MS-TNEF-Correlator: 
> Thread-Topic: eEye Advisory - EEYEB-200505 - RealPlayer AVI Processing Overflow
> Thread-Index: AcV4I9Z9YBdJOTy7TBe6ktCbcnqPjw==
> From: <Advisories () eeye com>
> To: <bugtraq () securityfocus com>, <full-disclosure () lists grok org uk>,
>        <vulnwatch () vulnwatch org>
> X-OriginalArrivalTime: 23 Jun 2005 18:46:25.0432 (UTC) FILETIME=[DBA7C180:01C57823]
> X-MIME-Autoconverted: from quoted-printable to 8bit by ss063.sdf.hosting.com id j5NKXUFN018340
>
> RealPlayer vidplin.dll AVI Processing Heap Overflow
>
> Release Date:
> June 23, 2005
>
> Date Reported:
> May 4, 2005
>
> Patch Development Time (In Days): 36
>
> Severity:
> High (Code Execution)
>
> Vendor:
> RealNetworks
>
> Systems Affected:
> For Microsoft Windows
>
> RealPlayer 10.5 (6.0.12.1040-1069)
> RealPlayer 10
> RealOne Player v2
> RealOne Player v1
> RealPlayer 8
> RealPlayer Enterprise
>
> Overview:
> eEye Digital Security has discovered a critical vulnerability in
> RealPlayer. The vulnerability allows a remote attacker to reliably
> overwrite heap memory with arbitrary data and execute arbitrary code in
> the context of the user who executed the player.
>
> This specific flaw exists within the vidplin.dll file used by
> RealPlayer. By specially crafting a malformed .avi movie file, a direct
> heap overwrite is triggered, and reliable code execution is then
> possible.  This vulnerability can be trigger when a user views a
> webpage, or opens an .avi file via email, instant messenger, or other
> common file transfer programs.
>
> Technical Details:
> When processing AVI files RealPlayer calls upon a specific DLL,
> vidplin.dll, where the vulnerability lies.  Realplayer relies
> on a strf structure value and allocates a fixed memory space of 0x428
> that can be overflowed with values greater than the fixed buffer size
> causing arbitrary code to be executed.
>
> Protection:
> Retina - Network Security Scanner - has been updated to identify this
> vulnerability.
> Blink - End-point Vulnerability Prevention - protects from this
> vulnerability.
>
> Vendor Status:
> RealNetworks has released a patch for this vulnerability.
>
> http://service.real.com/help/faq/security/050623_player/EN/
>
>
> Credit:
> Discovery: Flashsky
>
> Related Links:
> Retina Network Security Scanner - Free 15 Day Trial
> http://www.eeye.com/html/Products/Retina/download.html
>
> Blink End Point Vulnerability Prevention
> http://www.eeye.com/html/Products/Blink
>
> Copyright (c) 1998-2005 eEye Digital Security
> Permission is hereby granted for the redistribution of this alert
> electronically. It is not to be edited in any way 
> without express consent of eEye. If you wish to reprint the whole or any
> part of this alert in any other medium excluding 
> electronic medium, please email alert () eEye com for permission.
>
> Disclaimer
> The information within this paper may change without notice. Use of this
> information constitutes acceptance for use in an 
> AS IS condition. There are no warranties, implied or express, with
> regard to this information. In no event shall the author 
> be liable for any direct or indirect damages whatsoever arising out of
> or in connection with the use or spread of this 
> information. Any use of this information is at the user's own risk.


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave