CVE-2009-4246 – RealNetworks RealPlayer Skin Parsing Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2009-4246

Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows user-assisted remote attackers to execute arbitrary code via a malformed .RJS skin file that contains a web.xmb file with crafted length values. Desbordamiento de búfer basado en pila en RealNetworks RealPlayer 10, RealPlayer v10.5 6.0.12.1040 hasta v6.0.12.1741, RealPlayer 11 v11.0.0 hasta 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 y v10.1, Linux RealPlayer 10, y Helix Player v10.x, permite a atacantes remotos asistidos por usuarios locales ejecutar código de su elección a través de un fichero "skin" .RJS que contiene un fichero web.xmb con las longitudes de cadena manipuladas. This vulnerability allows remote attackers to execute code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a user must visit a malicious website or open a malicious file and accept a dialog to switch player skins. The specific flaw exists during parsing of malformed RealPlayer .RJS skin files. While loading a skin the application copies certain variable length fields from the extracted file named web.xmb into a statically sized buffer. • http://secunia.com/advisories/38218 http://securitytracker.com/id?1023489 http://service.real.com/realplayer/security/01192010_player/en http://www.securityfocus.com/archive/1/509104/100/0/threaded http://www.securityfocus.com/bid/37880 http://www.vupen.com/english/advisories/2010/0178 http://www.zerodayinitiative.com/advisories/ZDI-10-010 https://exchange.xforce.ibmcloud.com/vulnerabilities/55799 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •