Detections
Analytics
Oracle Linux 4 : HelixPlayer (ELSA-2007-0605)
high Nessus Plugin ID 67538
Language:
Synopsis
The remote Oracle Linux host is missing a security update.Description
From Red Hat Security Advisory 2007:0605 :An updated HelixPlayer package that fixes a buffer overflow flaw is now available.
This update has been rated as having critical security impact by the Red Hat Security Response Team.
HelixPlayer is a media player.
A buffer overflow flaw was found in the way HelixPlayer processed Synchronized Multimedia Integration Language (SMIL) files. It was possible for a malformed SMIL file to execute arbitrary code with the permissions of the user running HelixPlayer. (CVE-2007-3410)
All users of HelixPlayer are advised to upgrade to this updated package, which contains a backported patch and is not vulnerable to this issue.
Solution
Update the affected helixplayer package.See Also
https://oss.oracle.com/pipermail/el-errata/2007-June/000254.html
Plugin Details
Severity: High
ID: 67538
File Name: oraclelinux_ELSA-2007-0605.nasl
Version: 1.11
Type: local
Agent: unix
Published: 7/12/2013
Updated: 1/14/2021
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: High
Base Score: 9.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/o:oracle:linux:4, p-cpe:/a:oracle:linux:helixplayer
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 6/27/2007
Vulnerability Publication Date: 6/26/2007
Exploitable With
CANVAS (D2ExploitPack)
Reference Information
CVE: CVE-2007-3410