RealPlayer RMP File Version Attribute Buffer Overflow

2013-12-27T00:00:00
ID SAINT:C0EC8A9D60EF5AAF23F5D967D4030229
Type saint
Reporter SAINT Corporation
Modified 2013-12-27T00:00:00

Description

Added: 12/27/2013
CVE: CVE-2013-6877
BID: 64398
OSVDB: 101356

Background

RealNetworks RealPlayer includes an embedded player which plays media embedded in a web page.

Problem

RealNetworks Windows RealPlayer 17.0.2.206 and earlier versions are vulnerable to remote code execution due to improper bounds checking of the version attribute inside the XML declaration. By persuading a vulnerable user to open a specially crafted **RMP** file, a remote attacker could cause a stack buffer overflow, allowing execution of arbitrary code on the system.

Resolution

Upgrade to Windows RealPlayer 17.0.4.61 or higher.
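
Where the upgrade cannot be applied immediately, .rmp files can be screened before they reach a player. The following is an added example, not code from SAINT or RealNetworks: it flags files whose XML declaration carries a version value other than the short `1.x` form the XML grammar allows. The three-digit limit, the function name `check_rmp`, and the sample inputs are assumptions made for illustration.

```python
import re
import sys

# XML grammar: VersionNum ::= '1.' [0-9]+ ; real documents use "1.0" or "1.1".
# Assumption: at most three digits after "1." is treated as sane.
VALID_VERSION = re.compile(rb"1\.[0-9]{1,3}\Z")
DECL_START = re.compile(rb"<\?xml\s", re.I)
# Capture the value up to the closing quote OR end of data, so an
# unterminated, oversized value is still measured.
VERSION_ATTR = re.compile(rb"""version\s*=\s*(["'])(.*?)(?:\1|\Z)""", re.I | re.S)


def check_rmp(data: bytes) -> dict:
    """Report anomalies in the XML declaration of an .rmp file's bytes.

    Assumes an ASCII-compatible encoding (UTF-8 with or without BOM).
    """
    if data.startswith(b"\xef\xbb\xbf"):
        data = data[3:]
    body = data.lstrip()
    start = DECL_START.search(body[:64])
    if not start:
        return {"has_decl": False, "suspicious": False, "reason": "no XML declaration"}
    end = body.find(b"?>", start.end())
    decl = body[start.end():] if end == -1 else body[start.end():end]
    attr = VERSION_ATTR.search(decl)
    if not attr:
        return {"has_decl": True, "suspicious": True, "reason": "no version attribute"}
    value = attr.group(2)
    ok = VALID_VERSION.match(value) is not None
    return {"has_decl": True, "suspicious": not ok, "version_len": len(value),
            "reason": "version is 1.x" if ok else "version is not a short 1.x value"}


# Constructed samples; the <root/> body is a placeholder, not real RMP content.
BENIGN = b'<?xml version="1.0" encoding="UTF-8"?>\n<root/>'
OVERSIZED = b'<?xml version="1.' + b"0" * 2000 + b'"?>\n<root/>'

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, check_rmp(fh.read(1 << 20)))
```

Run it with one or more file paths as arguments; a `suspicious` result means the file should be quarantined for review rather than opened.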

References

<http://service.real.com/realplayer/security/12202013_player/en/>

Limitations

The exploit works against RealPlayer 16.0.3.51 and 16.0.2.32 on Windows XP SP2/SP3.

The user must save the **.rmp** file and open it in the vulnerable version of RealPlayer.

Platforms

Windows