|
|
| |
Credit:
The information has been provided by Alexander Gavrun.
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-12-050/
|
| |
Vulnerable Systems:
* RealPlayer
The specific flaw exists within mp4fformat. The vulnerability resides in adding 1 to a trusted size value being taken out of the file data. The size value is then used in an operator_new call. This can be leveraged when the pointer returned from the operator_new is used in a memcpy as the destination buffer pointer. This vulnerability can result in remote code execution under the context of the user running the application.
Vendor Status:
RealNetworks has issued an update to correct this vulnerability.
Patch Availability:
http://service.real.com/realplayer/security/11182011_player/en/
CVE Information:
CVE-2011-4262
Disclosure Timeline:
2011-09-08 - Vulnerability reported to vendor
2012-03-22 - Coordinated public release of advisory
|
|
|
