RealPlayer RMP File Version Attribute Buffer Overflow
Added: 12/27/2013CVE: CVE-2013-6877
BID: 64398
OSVDB: 101356
Background
RealNetworks RealPlayer includes an embedded player which plays media embedded in a web page.Problem
RealNetworks Windows RealPlayer 17.0.2.206 and earlier versions are vulnerable to remote code execution due to improper bounds checking of the version attribute inside the XML declaration. By persuading a vulnerable user to open a specially crafted RMP file, a remote attacker could cause a stack buffer overflow, allowing execution of arbitrary code on the system.Resolution
Upgrade to Windows RealPlayer 17.0.4.61 or higher.References
http://service.real.com/realplayer/security/12202013_player/en/Limitations
Exploit works against RealPlayer 16.0.3.51 and 16.0.2.32 on Windows XP SP2/SP3.The user must save the .rmp file and open it in the vulnerable version of RealPlayer.
Platforms
WindowsBack to exploit index