Credit:
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=839
Vulnerable Systems:
* Windows RealPlayer 11.0.0 - 11.0.4
* Mac RealPlayer 10
The vulnerability occurs in the CGIFCodec::InitDecompress() function, which does not properly validate a field in the GIF file before using it in an arithmetic operation that calculates the size of a heap buffer. This issue leads to heap corruption, which can result in the execution of arbitrary code.
Exploitation of this issue allows an attacker to execute arbitrary code within the security context of the current user. An attacker would need to entice a victim into opening an RTSP stream. Upon the victim opening the stream, the attacker would inject a malformed compressed GIF image into the RTSP stream to exploit this issue. Note that RealPlayer can be instantiated within a Web browser, so an attacker could host a malicious Web page and entice a victim into visiting it; exploitation would occur upon visiting the page.
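The class of check whose absence is described above, as an added example (not RealPlayer code and not part of the original advisory): a GIF header parser that validates file-supplied fields before they enter the arithmetic that sizes a heap buffer. The advisory does not name the field involved, so the width and height of the Logical Screen Descriptor are used here as an assumption, and the function name and limits are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical policy limits for this example; tune per application. */
#define MAX_DIM    16384u
#define MAX_PIXELS (64u * 1024u * 1024u)

/* Read a little-endian 16-bit field from the file buffer. */
static uint16_t rd16le(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/*
 * Parse the 6-byte GIF signature and the 7-byte Logical Screen Descriptor,
 * then compute the size of a decode buffer holding bytes_per_pixel bytes
 * per pixel. Returns 0 and stores the size on success, -1 on rejection.
 */
int gif_frame_buffer_size(const uint8_t *buf, size_t len,
                          size_t bytes_per_pixel, size_t *out_size)
{
    if (buf == NULL || out_size == NULL || len < 13)
        return -1;                       /* truncated input */
    if (memcmp(buf, "GIF87a", 6) != 0 && memcmp(buf, "GIF89a", 6) != 0)
        return -1;                       /* not a GIF */

    size_t w = rd16le(buf + 6);          /* attacker-controlled */
    size_t h = rd16le(buf + 8);          /* attacker-controlled */

    /* Range-check every field before it is used in arithmetic. */
    if (w == 0 || h == 0 || w > MAX_DIM || h > MAX_DIM)
        return -1;
    if (bytes_per_pixel == 0 || bytes_per_pixel > 4)
        return -1;

    size_t pixels = w * h;               /* cannot wrap: both <= MAX_DIM */
    if (pixels > MAX_PIXELS)
        return -1;
    if (pixels > SIZE_MAX / bytes_per_pixel)
        return -1;                       /* multiplication would wrap */

    *out_size = pixels * bytes_per_pixel;
    return 0;
}
```

The caller allocates exactly `*out_size` bytes and must bound every later write to that same value, so the allocation and the decoder agree on the buffer length.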
Patch Availability:
RealNetworks has released a patch which addresses this issue. Information about downloadable vendor updates can be found by clicking on the following URL:
http://service.real.com/realplayer/security/01192010_player/en/
Workaround:
RealPlayer users should change the GIF filetype association to another application. It is also recommended that RealPlayer users disable the RealPlayer plugins contained within the Web browser's plugins directory by changing the file permissions to deny execution of these files. These workarounds will limit the functionality of RealPlayer by disabling GIF support and Web browser plugin features. They may not mitigate all exploitation vectors but will likely prevent the majority of likely scenarios.
CVE Information:
CVE-2009-4245
Disclosure Timeline:
05/13/2008 Initial Contact
05/03/2008 Initial Response
02/01/2010 Coordinated public disclosure.