You are here

V-228: RealPlayer Buffer Overflow and Memory Corruption Error Let Remote Users Execute Arbitrary Code

August 27, 2013 - 6:00am

Addthis

PROBLEM:

Two vulnerabilities were reported in RealPlayer

PLATFORM:

RealPlayer 16.0.2.32 and prior

ABSTRACT:

A remote user can cause arbitrary code to be executed on the target user's system

REFERENCE LINKS:

Security Tracker Alert ID 1028953
RealNetworks Security Bulletin
CVE-2013-4973
CVE-2013-4974

IMPACT ASSESSMENT:

Medium

DISCUSSION:

A remote user can create a specially crafted RMP file that, when loaded by the target user, will trigger a stack overflow and execute arbitrary code on the target system.

A remote user can create a specially crafted RealMedia file that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system.

IMPACT:

Access control error

SOLUTION:

vendor recommends upgrading to version 16.0.3.51

Addthis