Red Hat Local Security Checks : RedHat Security Advisory RHSA-2005:271

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51806

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2005:271

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2005:271.

HelixPlayer is a media player.

A stack based buffer overflow bug was found in HelixPlayer's Synchronized
Multimedia Integration Language (SMIL) file processor. An attacker could
create a specially crafted SMIL file which would execute arbitrary code
when opened by a user. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2005-0455 to this issue.

A buffer overflow bug was found in the way HelixPlayer decodes WAV files.
An attacker could create a specially crafted WAV file which could execute
arbitrary code when opened by a user. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2005-0611 to
this issue.

All users of HelixPlayer are advised to upgrade to this updated package,
which contains HelixPlayer 1.0.3 which is not vulnerable to these
issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-271.html

Risk factor : High

CVSS Score:
5.1

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-0455
http://www.idefense.com/application/poi/display?id=209&type=vulnerabilities
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10926
http://www.redhat.com/support/errata/RHSA-2005-265.html
http://www.redhat.com/support/errata/RHSA-2005-271.html
Common Vulnerability Exposure (CVE) ID: CVE-2005-0611
20050302 RealOne Player / Real .WAV Heap Overflow File Format Vulnerability
http://marc.info/?l=bugtraq&m=110979465912834&w=2
http://marc.info/?l=vulnwatch&m=110977858619314&w=2
RHSA-2005:265
RHSA-2005:271
http://service.real.com/help/faq/security/050224_player/EN/
oval:org.mitre.oval:def:11419
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11419

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51806
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2005:271
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2005:271. HelixPlayer is a media player. A stack based buffer overflow bug was found in HelixPlayer's Synchronized Multimedia Integration Language (SMIL) file processor. An attacker could create a specially crafted SMIL file which would execute arbitrary code when opened by a user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0455 to this issue. A buffer overflow bug was found in the way HelixPlayer decodes WAV files. An attacker could create a specially crafted WAV file which could execute arbitrary code when opened by a user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0611 to this issue. All users of HelixPlayer are advised to upgrade to this updated package, which contains HelixPlayer 1.0.3 which is not vulnerable to these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-271.html Risk factor : High CVSS Score: 5.1
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0455 http://www.idefense.com/application/poi/display?id=209&type=vulnerabilities https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10926 http://www.redhat.com/support/errata/RHSA-2005-265.html http://www.redhat.com/support/errata/RHSA-2005-271.html Common Vulnerability Exposure (CVE) ID: CVE-2005-0611 20050302 RealOne Player / Real .WAV Heap Overflow File Format Vulnerability http://marc.info/?l=bugtraq&m=110979465912834&w=2 http://marc.info/?l=vulnwatch&m=110977858619314&w=2 RHSA-2005:265 RHSA-2005:271 http://service.real.com/help/faq/security/050224_player/EN/ oval:org.mitre.oval:def:11419 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11419
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com