zdi | Luigi Auriemma | ZDI-12-048
History: Mar 22, 2012 - 12:00 a.m.

RealNetworks RealPlayer VIDOBJ_START_CODE Remote Code Execution Vulnerability

2012-03-22 00:00:00
Luigi Auriemma
www.zerodayinitiative.com
14

EPSS

0.012

Percentile

85.3%

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within dmp4.dll, specifically in the decoding of an MPEG stream. When encountering a VIDOBJ_START_CODE object, the process improperly validates the size of the destination buffer used for rendering. The contents of a decoded frame are copied to this region, which can result in heap corruption if the decoded frame size exceeds the size of this region. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.
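The missing check described above, shown as an added example that is not code from dmp4.dll or from the advisory: a render buffer sized for one frame geometry must refuse a decoded frame whose size exceeds what was allocated. The `render_buf` type, the function names, the YUV 4:2:0 layout and the 16384-pixel limit are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical render target, not RealPlayer's real structure. */
typedef struct {
    uint8_t *pixels;
    size_t capacity; /* bytes actually allocated for pixels */
} render_buf;

/* Bytes in a decoded 8-bit YUV 4:2:0 frame, or 0 if the dimensions are
 * unusable. The 16384 limit is an assumed policy; it keeps w*h below 2^28. */
size_t frame_bytes(uint32_t w, uint32_t h)
{
    if (w == 0 || h == 0 || w > 16384 || h > 16384 || ((w | h) & 1))
        return 0;
    size_t luma = (size_t)w * h;
    return luma + luma / 2;
}

int render_buf_init(render_buf *rb, uint32_t w, uint32_t h)
{
    size_t n = frame_bytes(w, h);
    rb->pixels = n ? malloc(n) : NULL;
    rb->capacity = rb->pixels ? n : 0;
    return rb->pixels ? 0 : -1;
}

/* The unsafe pattern is the memcpy alone, trusting dimensions read from the
 * stream; the check before it compares the decoded size with the allocation. */
int render_frame(render_buf *rb, const uint8_t *decoded, uint32_t w, uint32_t h)
{
    size_t need = frame_bytes(w, h);
    if (need == 0 || rb->pixels == NULL || need > rb->capacity)
        return -1; /* oversized or malformed frame: drop, do not copy */
    memcpy(rb->pixels, decoded, need);
    return 0;
}

int main(void)
{
    render_buf rb;
    uint8_t *frame = calloc(1, frame_bytes(640, 480)); /* constructed input */
    if (!frame || render_buf_init(&rb, 320, 240) != 0) return 1;
    int ok = render_frame(&rb, frame, 320, 240) == 0 && render_frame(&rb, frame, 640, 480) == -1;
    free(frame); free(rb.pixels);
    return ok ? 0 : 1;
}
```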
