+++ This bug was initially created as a clone of Bug #159864 +++
This vulnerability involved a complex interaction between a maliciously created SMIL file and a specifically crafted web server, which caused a heap overflow in the error message processing for RealText which could have allowed an attacker to execute arbitrary code on a customer's machine. This issue also affects HelixPlayer.
I will attach a patch as soon as I have one.
RHEL-4 built and symlinked HelixPlayer-1.0.5-0.EL4.1
Josh, are you taking care of the errata for this?
Yes, this is RHSA-2005:517, it has already passed QA. We're just waiting on the embargo.
Lifting embargo
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-517.html