Die siberas GmbH ein auf Sicherheitsanalysen und Penetrationstests spezialisiertes Beratungsunternehmen, welches Sie herstellerunabhängig und kompetent im Bereich IT-Sicherheit berät.


RealNetworks RealPlayer ImageMap Remote Code Execution Vulnerability

Reference ID: SSA-1024
Publication date: 10.12.2010
Severity: critical
Discovered by: Sebastian Apelt

Description from ZDI advisory: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within how the application decodes data for a particular mime type within a RealMedia file. When decoding the data used for rendering, the application will use the length of a string in an addition used to calculate the size of a buffer. The application will zero-extend it and then allocate. Due to the addition, the result of the calculation can be greater than 16-bits, and when the typecast occurs the result will be smaller than expected. When initializing this buffer, a buffer overflow will occur which can allow for code execution under the context of the application.