This Metasploit module exploits a initialization flaw within RealPlayer 11/11.1 and RealPlayer SP 1.0 - 1.1.4. An abnormally long CDDA URI causes an object initialization failure. However, this failure is improperly handled and uninitialized memory executed.
62839465e28e0ea9cf0ef9d9a77ebcf656fe7aa1aca009b4ad424e57e87ca3f2Zero Day Initiative Advisory 10-210 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during the parsing of long CDDA URIs due to a failure to initialize a particular component of an object. The application will later call a method in the object leading to the uninitialized pointer being called. If an attacker can place data they control at the uninitialized location, the application will call malicious pointer which can lead to code execution under the context of the application.
3cc75328eddc338d0bc1a9e1842ae48b5843645728a1537702121a0ea0b49563
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed