Re: RealPlayer Buffer Problem

[Ben Ford <ben () kalifornia com>]

tmorgan-security () kavi com wrote:

> Hello,
>
> I have been sitting on/working on this one for a while, but I am not
> experienced with Buffer overflows, so I have not yet been able to
> produce a proof-of-concept exploit.  I was hoping that someone on
> the list would be luckier than I, or at least explain exactly what
> is possible. Thanks in advance for your help.
>
> Consistent crashes achieved on:
> Windows 98SE, 2000, ME
> Debian/GNU Linux Stable
. . . .

> I am perfectly willing to provide data I have gleaned from gdb, but
> I would like people to test it out for themselves first if possible.
> I do have a sample file for download which seems to immediately and
> consistently crash any RealPlayer that tries to open it.  If anyone
> find differently, I would like to know about it.  The file is
> located at:
>
> http://www.sentinelchicken.net/files/firstrun.rm

Plays just fine on a RedHat7.2 box.


--
So, make a real effort to avoid getting sucked into all the expensive
lifestyle habits of typical Americans.  Because if you do that, then
people with the money will dictate what you do with your life.
                --Richard Stallman
http://www.SecurityExchange.net