exploit the possibilities
Showing 1 - 1 of 1 RSS Feed


Zero Day Initiative Advisory 10-212
Posted Oct 16, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-212 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a target must open a malicious website or media file. The specific flaw exists within the code responsible for parsing Name Value Property (NVP) elements from within logical streams in a RealPlayer media file. Specifically, a function within the rjrmrpln.dll file allocates a buffer on the heap which can be directly influenced from data within the file. This buffer is then written to using another value defined in the file and thus also controlled. By crafting a malicious media file an attacker can abuse this to execute arbitrary code under the context of the user running the player.

tags | advisory, remote, arbitrary
advisories | CVE-2010-3750
MD5 | d4a5787af885913ccaf68effed777ae9
Page 1 of 1

Top Authors In Last 30 Days

packet storm

© 2020 Packet Storm. All rights reserved.

Security Services
Hosting By