RealNetworks RealOne Player/RealPlayer Remote R3T File Stack Buffer Overflow Vulnerability

It has been reported that RealOne Player and RealPlayer are prone to a remote stack-based buffer overflow vulnerability. The issue is exposed when the software processes a malformed .R3T file. This issue is due to a failure of the application to properly validate string boundaries when copying user supplied input into finite buffers.

Successful exploitation would immediately produce a denial of service condition in the affected process. This issue may also be leveraged to execute code on the affected system with the privileges of the user that invoked the vulnerable application.


Privacy Statement
Copyright 2010, SecurityFocus