[Full-disclosure] Realplayer .SWF Multiple Remote Memory Corruption Vulnerabilities

Type securityvulns
Reporter Securityvulns
Modified 2006-04-11T00:00:00


Realplayer .SWF Multiple Remote Memory Corruption Vulnerabilities

By Sowhat of Nevis Labs
Date: 2006.03.22

http://www.nevisnetworks.com
http://secway.org/advisory/AD20060322.txt

CVE: CVE-2006-0323
US CERT: VU#231028

Vendor:
RealNetworks Inc.

Products affected:

Windows:
  RealPlayer 8
  RealOne Player & RealOne Player V2
  RealPlayer 10
  RealPlayer 10.5

Macintosh:
  RealOne Player
  RealPlayer 10

Linux:
  RealPlayer 10


RealPlayer is an application for playing various media formats, developed by RealNetworks Inc. For more information, visit http://www.real.com/.


Multiple vulnerabilities were found in swfformat.dll. A carefully crafted .swf file may execute arbitrary code or crash RealPlayer.

By persuading a user to open a specially crafted SWF file with RealPlayer, a remote attacker may be able to execute arbitrary code. These vulnerabilities can also be triggered remotely through ActiveX in IE.

Setting the size of an SWF file to a value smaller than the actual size triggers one of the vulnerabilities.

In fact, multiple holes have been fixed in swfformat.dll.
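
The size mismatch described above can be checked for before a file reaches a player. The following is an added example, not part of the original advisory or any RealNetworks code. It assumes the "size" in question is the FileLength field of the standard SWF header (3-byte signature, 1-byte version, 4-byte little-endian length); check_swf_length and make_sample are hypothetical names, and the sample bytes are constructed placeholders.

```python
import struct
import zlib

HEADER_LEN = 8  # "FWS"/"CWS" signature, 1-byte version, 4-byte little-endian FileLength


def check_swf_length(data: bytes, max_inflate: int = 64 << 20) -> str:
    """Compare the FileLength declared in a SWF header with the real size."""
    if len(data) < HEADER_LEN:
        return "truncated_header"
    sig, _version, declared = struct.unpack_from("<3sBI", data)
    if sig == b"FWS":
        actual = len(data)
    elif sig == b"CWS":
        # For a compressed SWF, FileLength counts the body after inflation.
        inflater = zlib.decompressobj()
        try:
            body = inflater.decompress(data[HEADER_LEN:], max_inflate)
        except zlib.error:
            return "bad_compression"
        # Output above the cap, or a stream that never ends, is rejected.
        if inflater.unconsumed_tail or not inflater.eof:
            return "bad_compression"
        actual = HEADER_LEN + len(body)
    else:
        return "not_swf"
    if declared < actual:
        return "declared_too_small"  # the mismatch this advisory describes
    if declared > actual:
        return "declared_too_large"
    return "ok"


def make_sample(body: bytes, declared=None, compressed=False) -> bytes:
    """Build a constructed header plus placeholder body (not a playable SWF)."""
    if declared is None:
        declared = HEADER_LEN + len(body)
    sig = b"CWS" if compressed else b"FWS"
    payload = zlib.compress(body) if compressed else body
    return sig + struct.pack("<BI", 6, declared) + payload


if __name__ == "__main__":
    filler = b"\x00" * 32  # constructed placeholder bytes, not real SWF tags
    for label, blob in [
        ("consistent", make_sample(filler)),
        ("declared smaller than actual", make_sample(filler, declared=16)),
        ("compressed, declared smaller", make_sample(filler, declared=16, compressed=True)),
    ]:
        print(f"{label}: {check_swf_length(blob)}")
```

Any result other than "ok" is a reason to quarantine the file rather than hand it to a media player or browser plug-in.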


No PoC will be released for this.



Vendor Response:

2005.10.07 Vendor notified via email
2005.10.07 Vendor responded
2005.03.22 Patch released
2006.04.11 Advisory released

Common Vulnerabilities and Exposures (CVE) Information:

The Common Vulnerabilities and Exposures (CVE) project has assigned the following names to these issues. These are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.


Greetings to Paul Gese@real.com, Chi, OYXin, Narasimha Datta and all Nevis Labs guys.


  1. http://service.real.com/realplayer/security/03162006_player/en/
  2. http://www.kb.cert.org/vuls/id/231028
  3. http://www.macromedia.com/licensing/developer/fileformat/faq/
  4. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0323
  5. http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml
  6. http://www.novell.com/linux/security/advisories/2006_18_realplayer.html
  7. http://secunia.com/advisories/19358/

-- Sowhat http://secway.org "Life is like a bug, Do you know how to exploit it ?"
