RealPlayer RA Field Size File Processing Heap Overflow Vulnerability

ID ZDI-07-063
Type zdi
Reporter Anonymous
Modified 2007-11-09T00:00:00


This vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must open a malicious .ra/.ram file or visit a malicious web site.

The specific flaw exists in the parsing of files with an improperly defined size field in the RA header. Specifying a large unsigned value can trigger heap corruption and result in arbitrary code execution in the context of the logged-in user.
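The bug class described above is a header size field used without validation. The following added example (not RealPlayer code and not part of the original advisory) shows the check a parser needs before allocating or copying based on such a field. The 8-byte header layout, the `MAX_PAYLOAD` cap and the name `parse_chunk` are assumptions made for illustration and do not reflect the actual RA header format.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN      8u          /* constructed layout: 4-byte tag + 4-byte size */
#define MAX_PAYLOAD  (1u << 20)  /* policy cap chosen for this example */

enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED, PARSE_BAD_SIZE, PARSE_NOMEM };

/* Read a 32-bit big-endian unsigned value without sign extension. */
static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/*
 * Copy the payload announced by the header's size field into a new heap
 * buffer. The size is untrusted file input, so it is checked against the
 * bytes actually present and against a fixed cap before it is used for
 * allocation or copying.
 */
enum parse_status parse_chunk(const uint8_t *file, size_t file_len,
                              uint8_t **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (file_len < HDR_LEN)
        return PARSE_TRUNCATED;

    uint32_t declared = read_be32(file + 4);

    /* Compare against the remaining length; never compute HDR_LEN + declared,
       which can wrap when declared is close to UINT32_MAX. */
    if (declared > MAX_PAYLOAD || declared > file_len - HDR_LEN)
        return PARSE_BAD_SIZE;

    uint8_t *buf = malloc(declared ? declared : 1);
    if (buf == NULL)
        return PARSE_NOMEM;

    memcpy(buf, file + HDR_LEN, declared);
    *out = buf;
    *out_len = declared;
    return PARSE_OK;
}
```

A file whose size field exceeds the data actually present, or the cap, is rejected before any heap buffer is sized from it.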