RealPlayer SMIL file wallclock buffer overflow

Added: 06/29/2007
CVE: CVE-2007-3410
BID: 24658
OSVDB: 37374

Background

RealPlayer includes support for Synchronized Multimedia Integration Language (SMIL) files.

Problem

A buffer overflow vulnerability in the wallclock function could allow command execution upon opening a specially crafted SMIL file.

Resolution

Update to a fixed version of RealPlayer by selecting Check for Update under the Help menu in RealPlayer.

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547

Limitations

Exploit works on RealPlayer 10.5 Gold and requires a user to open the exploit file in Internet Explorer 6 or 7.

Platforms

Windows

Back to exploit index