RealPlayer Zipped Skin File Buffer Overflow

eEye Digital Security has discovered a vulnerability in RealPlayer that allows a remote attacker to reliably overwrite the stack with arbitrary data and execute arbitrary code in the context of the user under which the player is running.

A RealPlayer skin file (.rjs extension) can be downloaded and applied automatically through a web browser without the user's permission. A skin file is a bundle of graphics and a .ini file, stored together in ZIP format. DUNZIP32.DLL, which is included with RealPlayer, is used to extract the contents of the skin file. When an .rjs file containing a long file name (greater than around 0x8000 bytes) is opened, either in RealPlayer or through a web browser, a stack-based buffer overflow occurs, allowing an exception handler record to be overwritten and EIP to be hijacked.
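A defensive check for the condition described above, as an added example that is not part of the original article or eEye's advisory: it reads the declared file-name length from every ZIP local and central-directory header in a skin file and flags any above 0x8000. The function names, the signature-scan approach and the in-memory sample archives are assumptions made for illustration.

```python
import io
import struct
import zipfile

# Name-length threshold taken from the article ("around 0x8000 bytes").
NAME_LIMIT = 0x8000

# kind -> (signature, offset of the 16-bit name-length field, fixed header size)
ZIP_RECORDS = {
    "local": (b"PK\x03\x04", 26, 30),
    "central": (b"PK\x01\x02", 28, 46),
}


def long_names(data, limit=NAME_LIMIT):
    """Return (kind, header offset, name length) for each ZIP header in
    `data` whose declared file-name length exceeds `limit`.

    Headers are located by signature scan rather than by trusting the
    end-of-central-directory record, so a deliberately malformed archive
    is still inspected. A signature that happens to occur inside file
    data can produce a false positive, which is acceptable for triage.
    """
    findings = []
    for kind, (sig, len_off, hdr_size) in ZIP_RECORDS.items():
        pos = data.find(sig)
        while pos != -1:
            if pos + hdr_size <= len(data):
                (name_len,) = struct.unpack_from("<H", data, pos + len_off)
                if name_len > limit:
                    findings.append((kind, pos, name_len))
            pos = data.find(sig, pos + 4)
    return findings


def build_skin(entry_name):
    """Constructed sample: an in-memory ZIP holding a single entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(entry_name, b"[skin]\n")
    return buf.getvalue()


if __name__ == "__main__":
    print(long_names(build_skin("skin.ini")))
    print(long_names(build_skin("a" * (NAME_LIMIT + 1) + ".ini")))
```

A mail or web gateway could run `long_names` on inbound .rjs attachments and downloads; a much lower `limit` is reasonable, since legitimate skin entries have short names.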

News source: eEye Digital Security
