* Daniel Baumann: > Florian Weimer wrote: >> could you provide details why you tagged this bug "security", please? > > Of course.. > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1766 > > Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 > (6.0.12.1040 through 1069), RealOne Player v1 and v2, RealPlayer 8 and > RealPlayer Enterprise allows remote attackers to execute arbitrary code > via an .avi file with a modified strf structure value.
Ah, I see, thanks a lot. I've added this information to our tracker. We missed it before because the CVE entry talks about RealPlayer only, and we still have to adjust to the existence of Helix Player. 8-) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
