TippingPoint Digital Vaccine Laboratories
DID YOU KNOW... In December of 2007, Microsoft released seven security bulletins which fixed 11 new security vulnerabilities. TippingPoint and ZDI were credited with discovering a total of four of those vulnerabilities.

RealNetworks RealPlayer MDPR Chunk Size Remote Code Execution Vulnerability

TPTI-10-18: December 10th, 2010

CVE ID

Affected Vendors

Affected Products

Vulnerability Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within RealPlayer's handling of Internet Video Recording (.ivr) files. While parsing the MLTI chunk the process trusts the field responsible for denoting the size of an embedded MDPR chunk. By modifying this value in an IVR file an attacker can force a misallocation on the heap. The process can then be made to write past the bounds of the buffer, corrupting memory. This can be leveraged to execute arbitrary code under the context of the user invoking RealPlayer.

Vendor Response

RealNetworks has issued an update to correct this vulnerability. More details can be found at:

Disclosure Timeline

    2010-08-12 - Vulnerability reported to vendor
    2010-12-10 - Coordinated public release of advisory

Credit

This vulnerability was discovered by: