BetaONE will rise again!


Reply
  #1  
Old 28th Oct 04, 01:00 PM
NewsBot's Avatar
NewsBot NewsBot is offline
Senior Member
 
Join Date: Oct 2004
Posts: 30,912
NewsBot will become famous soon enough
RealPlayer Zipped Skin File Buffer Overflow
eEye Digital Security has discovered a vulnerability in RealPlayer that allows a remote attacker to reliably overwrite the stack with arbitrary data and execute arbitrary code in the context of the user under which the player is running.

A RealPlayer skin file (.rjs extension) can be downloaded and applied automatically through a web browser without the user's permission. A skin file is a bundle of graphics and a .ini file, stored together in ZIP format. DUNZIP32.DLL, which is included with RealPlayer, is used to extract the contents of the skin file. When an .rjs file containing a long file name (greater than around 0x8000 bytes) is opened, either in RealPlayer or through a web browser, a stack based buffer overflow occurs, allowing an exception handler record to be overwritten and EIP to be hijacked.

News source: Neowin
Full story: View Here
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is On
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Speed up system. greasemonkey Hardware Support 6 6th Nov 01 08:32 PM


All times are GMT +1. The time now is 05:42 AM.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.