RealNetworks RealPlayer QCP Parsing

2011-09-1200:00:00

SAINT Corporation

my.saintcorporation.com

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.944 High

EPSS

Percentile

99.2%

JSON

Added: 09/12/2011
CVE: CVE-2011-2950
BID: 49172
OSVDB: 74549

Background

RealPlayer is a media player application which can play back various multimedia file formats, including QCP audio files. The QCP file format is frequently used to provide ring tones and to record voice for cellular telephones.

Problem

A heap buffer overflow vulnerability exists in RealPlayer **qcpfformat.dll** when handling **fmt** chunks in QCP files.

Resolution

Upgrade to the latest version of RealPlayer, as identified in August 2011 Real Player update.

References

<http://zerodayinitiative.com/advisories/ZDI-11-265/>

Limitations

Exploit works on RealNetworks RealPlayer 14.0.2.633 on Microsoft Windows XP with KB959426. The target user must open the exploit page using Internet Explorer 8.