RealPlayer Zipped Skin File Buffer Overflow

eEye Digital Security has discovered a vulnerability in RealPlayer that allows a remote attacker to reliably overwrite the stack with arbitrary data and execute arbitrary code in the context of the user under which the player is running.

A RealPlayer skin file (.rjs extension) can be downloaded and applied automatically through a web browser without the user's permission. A skin file is a bundle of graphics and a .ini file, stored together in ZIP format. DUNZIP32.DLL, which is included with RealPlayer, is used to extract the contents of the skin file. When an .rjs file containing a long file name (greater than around 0x8000 bytes) is opened, either in RealPlayer or through a web browser, a stack-based buffer overflow occurs, allowing an exception handler record to be overwritten and EIP to be hijacked.
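A pre-extraction check for the condition described above, as an added example that is not from the eEye advisory or from RealPlayer: it reads the 16-bit file name length field in each ZIP local and central directory header of an .rjs file and reports any that exceed a limit, without unpacking anything. The names `long_names`, `make_entry` and `NAME_LIMIT`, and the 260-byte limit itself, are assumptions chosen for illustration; the sample inputs are constructed.

```python
import struct

LOCAL_SIG = b"PK\x03\x04"    # local file header; name length field at offset 26
CENTRAL_SIG = b"PK\x01\x02"  # central directory header; name length field at offset 28
NAME_LIMIT = 260             # assumed policy limit (Windows MAX_PATH), far below ~0x8000


def long_names(data, limit=NAME_LIMIT):
    """Return (offset, header_kind, declared_name_length) for every ZIP header
    whose file name length field exceeds limit. Nothing is extracted.
    Signatures are found by scanning, so a match inside compressed data can
    produce a false alarm, but a real over-long header cannot hide."""
    findings = []
    for sig, kind, len_off in ((LOCAL_SIG, "local", 26), (CENTRAL_SIG, "central", 28)):
        pos = data.find(sig)
        while pos != -1:
            if pos + len_off + 2 <= len(data):
                (name_len,) = struct.unpack_from("<H", data, pos + len_off)
                if name_len > limit:
                    findings.append((pos, kind, name_len))
            pos = data.find(sig, pos + 4)
    return findings


def make_entry(name):
    """Constructed test input: a ZIP with one stored, empty entry (local header,
    central directory header, end record) carrying the given name bytes."""
    local = struct.pack("<4s5H3I2H", LOCAL_SIG, 20, 0, 0, 0, 0,
                        0, 0, 0, len(name), 0) + name
    central = struct.pack("<4s6H3I5H2I", CENTRAL_SIG, 20, 20, 0, 0, 0, 0,
                          0, 0, 0, len(name), 0, 0, 0, 0, 0, 0) + name
    end = struct.pack("<4s4H2IH", b"PK\x05\x06", 0, 0, 1, 1,
                      len(central), len(local), 0)
    return local + central + end


if __name__ == "__main__":
    for label, blob in (("normal skin", make_entry(b"skin.ini")),
                        ("over-long name", make_entry(b"A" * 0x8001))):
        print(label, long_names(blob))
```

Run at a mail or web gateway, or before a file is handed to the player, a non-empty result is grounds to quarantine the skin rather than open it.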

News source: eEye Digital Security
