RealNetworks RealPlayer RealAudio coded_frame_size Remote Code Execution

ID ZDI-12-049
Type zdi
Reporter Luigi Auriemma
Modified 2012-11-09T00:00:00


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a target must visit a malicious page or open a malicious file.

The flaw exists within cook.dll, specifically in the handling of RealAudio 2.0 (RA2) files. When parsing the RA2 header, a coded_frame_sz element is used to calculate the size for an allocation. This value is not properly verified before stream data is unpacked into the newly allocated buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.
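The missing verification described above, sketched as a defensive unpack routine. This is an added example, not RealPlayer or cook.dll code: the advisory does not give the real RA2 field widths or the size arithmetic, so `unpack_frames`, `frame_count` and both `MAX_*` limits are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Assumed sanity ceilings; the real format limits are not on the page. */
#define MAX_CODED_FRAME_SIZE 4096u
#define MAX_FRAMES           1024u

enum unpack_status { UNPACK_OK = 0, UNPACK_BAD_HEADER, UNPACK_TRUNCATED, UNPACK_NOMEM };

/* Copies frame_count frames of coded_frame_size bytes from the stream into a
 * freshly allocated buffer, refusing any header the stream cannot back. */
enum unpack_status unpack_frames(uint32_t coded_frame_size, uint32_t frame_count,
                                 const uint8_t *stream, size_t stream_len,
                                 uint8_t **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;

    /* 1. Range-check the file-controlled fields before any arithmetic. */
    if (coded_frame_size == 0 || coded_frame_size > MAX_CODED_FRAME_SIZE)
        return UNPACK_BAD_HEADER;
    if (frame_count == 0 || frame_count > MAX_FRAMES)
        return UNPACK_BAD_HEADER;

    /* 2. Compute the size in size_t; the bounds above keep it from wrapping. */
    size_t total = (size_t)coded_frame_size * (size_t)frame_count;

    /* 3. The same value bounds both the allocation and the copy, and the
     *    stream must actually contain that many bytes. */
    if (total > stream_len)
        return UNPACK_TRUNCATED;

    uint8_t *buf = malloc(total);
    if (buf == NULL)
        return UNPACK_NOMEM;

    for (uint32_t i = 0; i < frame_count; i++)
        memcpy(buf + (size_t)i * coded_frame_size,
               stream + (size_t)i * coded_frame_size, coded_frame_size);

    *out = buf;
    *out_len = total;
    return UNPACK_OK;
}
```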