HTTP: RealNetworks RealPlayer RealMedia File Format Processing Heap Corruption
A remote heap corruption vulnerability exists in RealNetworks RealPlayer application. The vulnerability is due to boundary errors when processing RM files. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted RM file. Successful exploitation would cause a memory corruption that may lead to arbitrary code execution in the security context of the logged in user. In an attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user. In an attack case where code injection is not successful, if the affected RealPlayer or RealOne Player process will terminate abnormally.
Extended Description
RealNetworks RealPlayer is prone to multiple memory-corruption vulnerabilities that arise when the application processes specially crafted files. Successfully exploiting these issues will allow remote attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will cause a denial-of-service condition.
Affected Products
Real_networks realone_player
Short Name
HTTP:STC:STREAM:REALMEDIA-PROC
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2007-5081 Corruption File Format Heap Processing RealMedia RealNetworks RealPlayer bid:26214
Release Date
10/19/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Real_networks
CVSS Score
9.3