Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiLuigi AuriemmaZDI-12-049
HistoryMar 22, 2012 - 12:00 a.m.

RealNetworks RealPlayer RealAudio coded_frame_size Remote Code Execution

2012-03-2200:00:00
Luigi Auriemma
www.zerodayinitiative.com
15

EPSS

0.01

Percentile

84.0%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within cook.dll, specifically the handling of a RealAudio 2.0 file. When parsing the RA2 header a coded_frame_sz element is used to calculate the size for an allocation. This value is not properly verified before unpacking stream data into this new location. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.

Related

prion 1
cvelist 1
nvd 1
cve 1
openvas 2
nessus 2
prion
prion
Code injection
2012-02-08 15:55:00
cvelist
cvelist
CVE-2012-0927
2012-02-08 15:00:00
nvd
nvd
CVE-2012-0927
2012-02-08 15:55:00
cve
cve
CVE-2012-0927
2012-02-08 15:55:00
openvas
openvas
RealNetworks RealPlayer Multiple Vulnerabilities (Windows) - Feb12
2012-02-21 00:00:00
RealNetworks RealPlayer Multiple Vulnerabilities (Feb 2012) - Windows
2012-02-21 00:00:00
nessus
nessus
Real Networks RealPlayer < 15.0.2.72 Multiple Vulnerabilities
2012-02-08 00:00:00
RealPlayer for Windows < 15.0.2.71 Multiple Vulnerabilities
2012-02-08 00:00:00

EPSS

0.01

Percentile

84.0%

JSON
Related for ZDI-12-049
prion1cvelist1nvd1cve1openvas2nessus2