Credit:
The information has been provided by Sebastian Apelt and Andreas Schmidt.
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-10-280/
Vulnerable Systems:
* RealNetworks RealPlayer
The specific flaw exists in how the application decodes data for a particular MIME type within a RealMedia file. When decoding the data used for rendering, the application uses the length of a string in an addition that calculates the size of a buffer. The application zero-extends it and then allocates. Because of the addition, the result of the calculation can exceed 16 bits, and when the typecast occurs the result is smaller than expected. When the application initializes this buffer, a buffer overflow occurs, which can allow code execution under the context of the application.
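
The size calculation described above, shown as an added example (not RealPlayer code and not from the advisory) with the truncating pattern beside a checked one. The function names, the 16-byte `RECORD_OVERHEAD` and the sample length are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical fixed overhead added to the string length (not from the advisory). */
#define RECORD_OVERHEAD 16u

/* Flawed pattern: the sum is narrowed to 16 bits, then zero-extended for the allocator. */
static size_t alloc_size_truncating(size_t str_len)
{
    uint16_t narrowed = (uint16_t)(str_len + RECORD_OVERHEAD); /* wraps above 0xFFFF */
    return (size_t)narrowed;                                   /* zero-extension */
}

/* Hardened pattern: refuse any length whose sum would not fit the 16-bit size field. */
static int alloc_size_checked(size_t str_len, size_t *out)
{
    if (str_len > UINT16_MAX - RECORD_OVERHEAD)
        return -1;
    *out = str_len + RECORD_OVERHEAD;
    return 0;
}

/* Builds a record only when the buffer really holds overhead + string bytes. */
static unsigned char *build_record(const unsigned char *str, size_t str_len, size_t *rec_len)
{
    size_t need;
    if (alloc_size_checked(str_len, &need) != 0)
        return NULL;                      /* reject instead of under-allocating */
    unsigned char *buf = calloc(1, need);
    if (buf == NULL)
        return NULL;
    memcpy(buf + RECORD_OVERHEAD, str, str_len);
    *rec_len = need;
    return buf;
}

int main(void)
{
    size_t len = 0xFFF8; /* constructed length: 0xFFF8 + 16 = 0x10008 */
    size_t ok;
    printf("string length:      %zu\n", len);
    printf("truncating size:    %zu\n", alloc_size_truncating(len));
    printf("checked size valid: %s\n", alloc_size_checked(len, &ok) == 0 ? "yes" : "no");
    return 0;
}
```

With the constructed length, the truncating path yields a size far smaller than the string that will later be written into the buffer, while the checked path rejects the input before any allocation happens.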
Patch Availability:
RealNetworks has issued an update to correct this vulnerability. More details can be found at: http://service.real.com/realplayer/security/12102010_player/en/
CVE Information:
CVE-2010-4392
Disclosure Timeline:
2010-08-25 - Vulnerability reported to vendor
2010-12-10 - Coordinated public release of advisory