Skip navigation
Menu
Security

RealPlayer Buffer Overflow

 
RealPlayer Denial of Service
Reported April 4, 2000 by Adam Muntner
VERSIONS EFFECTED
  • RealPlayer v6 and v7

DESCRIPTION

There is a buffer overflow in the Win32 RealPlayer Basic client, versions 6 and 7. This appears to occur when more than 299 characters are entered as a "location" to play. 

Using the HTML "EMBED" tag to embed RealPlayer in a webpage and setting the "AUTOSTART=true" flag, RealPlayer can forced to start automatically, thereby triggering the overflow condition.

While I have not taken the time to find the proper entrance point in PNEN3260.DLL (which is what crashes, for example, in RealPlay 6 Basic), it appears that arbitrary code could be exploited simply by visiting a webpage with the malicious embedded RealPlayer tags, provided of course you"ve left your browser unprotected by allowing ActiveX, Java, and other dangerous mobile code to execute.

DEFENSE

Load the patched RealPlayer once it is released. IUn the mean time, seriously consider disabling ActiveX in your browsers.

VENDOR RESPONSE

A response from Real was unknown at the time of this writing.

CREDITS
Reported by Adam Muntner
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
DevSecOps concept
90% of Java Services in Production Have Vulnerability Risk, DevSecOps Report Finds
Apr 20, 2024
Businesswoman challenges concept and gender obstacles
Women in Cybersecurity Face Barriers to Hiring, Advancement
Apr 15, 2024
person typing on keyboard with icons for certificates
Top IT Certifications for a Career in Finance
Apr 12, 2024
employee working on a laptop with AI
Why AI Coding Assistants May Be Greatest Cybersecurity Threat Facing Your Business
Mar 26, 2024