Arbitrary Code Execution Vulnerability in RealPlayer - 28 Oct 2004
A vulnerability in RealPlayer could result in the remote execution of arbitrary code on the vulnerable system.
October 27, 2004
Reported October 28, 2004, by eEye Digital Security
VERSIONS AFFECTED
DESCRIPTION
A vulnerability in RealPlayer could result in the remote execution of arbitrary code on the vulnerable system. When an .rjs file containing a long filename (larger than about 0x8000 bytes) is opened, either in RealPlayer or through a Web browser, a stack-based buffer overflow occurs, allowing an exception-handler record to be overwritten and the instruction pointer (EIP) to be hijacked.
VENDOR RESPONSE
The author, RealNetworks, has released a patch (available via the Check for Update menu item under Tools on the RealPlayer menu bar) to address this vulnerability.
CREDIT
Discovered by eEye Digital Security.