SAINT CorporationSAINT:1EDD075E3B741FDE23DF6A9A87232985RealPlayer RMP File Version Attribute Buffer Overflow
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.755 High
EPSS
Percentile
98.1%
Added: 12/27/2013
CVE: CVE-2013-6877
BID: 64398
OSVDB: 101356
Background
RealNetworks RealPlayer includes an embedded player which plays media embedded in a web page.
Problem
RealNetworks Windows RealPlayer 17.0.2.206 and earlier versions are vulnerable to remote code execution due to improper bounds checking of the version attribute inside the XML declaration. By persuading a vulnerable user to open a specially crafted **RMP** file, a remote attacker could cause a stack buffer overflow, allowing execution of arbitrary code on the system.
Resolution
Upgrade to Windows RealPlayer 17.0.4.61 or higher.
References
<http://service.real.com/realplayer/security/12202013_player/en/>
Limitations
Exploit works against RealPlayer 16.0.3.51 and 16.0.2.32 on Windows XP SP2/SP3.
The user must save the **.rmp** file and open it in the vulnerable version of RealPlayer.
Platforms
Windows
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.755 High
EPSS
Percentile
98.1%