V-049: RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute Arbitrary Code

December 18, 2012 - 1:30am

PROBLEM:

RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute Arbitrary Code

PLATFORM:

Windows RealPlayer 15.0.6.14 and prior.

ABSTRACT:

Two vulnerabilities were reported in RealPlayer.

REFERENCE LINKS:

RealPlayer Security Vulnerabilities
Secunia Advisory SA51589
SecurityTracker Alert ID: 1027893
CVE-2012-5690
CVE-2012-5691

IMPACT ASSESSMENT:

Medium

DISCUSSION:

Two vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a user's system.

A remote user can create a specially crafted RealAudio file that, when loaded by the target user, will trigger an invalid pointer flaw and execute arbitrary code on the target system [CVE-2012-5690]. The code will run with the privileges of the target user.

A remote user can create a specially crafted RealMedia file that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target system [CVE-2012-5691]. The code will run with the privileges of the target user.

IMPACT:

A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

SOLUTION:

The vendor has issued a fix (16.0.0.282).
 
