Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian Security Advisory DSA 826-1 (helix-player)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update to helix-player announced via advisory DSA 826-1. Multiple security vulnerabilities have been identified in the helix-player media player that could allow an attacker to execute code on the victim's machine via specially crafted network resources. CVE-2005-1766 Buffer overflow in the RealText parser could allow remote code execution via a specially crafted RealMedia file with a long RealText string. CVE-2005-2710 Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the image handle attribute in a RealPix (.rp) or RealText (.rt) file.
Solution
Solution
For the stable distribution (sarge), these problems have been fixed in version 1.0.4-1sarge1 For the unstable distribution (sid), these problems have been fixed in version 1.0.6-1 We recommend that you upgrade your helix-player package. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20826-1