RealNetworks RealPlayer QCP Parsing

2011-09-12T00:00:00
ID SAINT:45BC9FEE26E8638812213C876D235F12
Type saint
Reporter SAINT Corporation
Modified 2011-09-12T00:00:00

Description

Added: 09/12/2011
CVE: CVE-2011-2950
BID: 49172
OSVDB: 74549

Background

RealPlayer is a media player application which can play back various multimedia file formats, including QCP audio files. The QCP file format is frequently used to provide ring tones and to record voice for cellular telephones.

Problem

A heap buffer overflow vulnerability exists in RealPlayer **qcpfformat.dll** when handling **fmt** chunks in QCP files.

Resolution

Upgrade to the latest version of RealPlayer, as identified in August 2011 Real Player update.

References

<http://zerodayinitiative.com/advisories/ZDI-11-265/>

Limitations

Exploit works on RealNetworks RealPlayer 14.0.2.633 on Microsoft Windows XP with KB959426. The target user must open the exploit page using Internet Explorer 8.

Platforms

Windows XP