Zero Day Initiative Advisory 10-280 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application decodes data for a particular mime type within a RealMedia file. When decoding the data used for rendering, the application will use the length of a string in an addition used to calculate the size of a buffer. The application will zero-extend it and then allocate. Due to the addition, the result of the calculation can be greater than 16-bits, and when the typecast occurs the result will be smaller than expected. When initializing this buffer, a buffer overflow will occur which can allow for code execution under the context of the application.
f505b27fedf42087b38ac140176d227c5e26666f84896b57c68918f09afb40fb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed