TippingPoint Digital Vaccine Laboratories
DID YOU KNOW... The DVLabs research team discovered 10 unique Adobe Shockwave vulnerabilities during October and November of 2010.

RealNetworks RealPlayer MDPR Chunk Size Remote Code Execution Vulnerability

TPTI-10-18: December 10th, 2010

CVE ID

Affected Vendors

Affected Products

Vulnerability Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within RealPlayer's handling of Internet Video Recording (.ivr) files. While parsing the MLTI chunk the process trusts the field responsible for denoting the size of an embedded MDPR chunk. By modifying this value in an IVR file an attacker can force a misallocation on the heap. The process can then be made to write past the bounds of the buffer, corrupting memory. This can be leveraged to execute arbitrary code under the context of the user invoking RealPlayer.

Vendor Response

RealNetworks has issued an update to correct this vulnerability. More details can be found at:

Disclosure Timeline

    2010-08-12 - Vulnerability reported to vendor
    2010-12-10 - Coordinated public release of advisory

Credit

This vulnerability was discovered by: