RealNetworks RealPlayer PNG Deflate Heap Corruption Vulnerability

A heap corruption vulnerability has been reported for RealPlayer that may result in the execution of attacker-supplied code.

The vulnerability is related to the way RealPlayer handles PNG image files. Specifically, the vulnerability occurs when RealPlayer attempts to decompress PNG image files.

An attacker can exploit this vulnerability by tricking a user into viewing a maliciously constructed PNG image file. When the image file is rendered by the RealPlayer, it will trigger the heap corruption condition and overwrite critical areas in memory with attacker-supplied values.


Privacy Statement
Copyright 2010, SecurityFocus