|
|
|
|
| |
Credit:
The information has been provided by Damian Put.
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-12-046/
|
| |
Vulnerable Systems:
* RealPlayer
The specific flaw exists within how the application parses information out of the codec-specific data located within a media description header. When making space for audio-sample data, the application will allocate a static size. When decoding sample data into this buffer, an overflow will occur which can lead to memory corruption that can lead to code execution under the context of the application.
Vendor Status:
RealNetworks has issued an update to correct this vulnerability.
Patch Availability:
http://service.real.com/realplayer/security/11182011_player/en/
CVE Information:
CVE-2011-4257
Disclosure Timeline:
2011-08-12 - Vulnerability reported to vendor
2012-03-20 - Coordinated public release of advisory
|
|
|
|
|
