Realplayer .SWF Multiple Remote Memory Corruption Vulnerabilities

2006-04-11 / 2006-04-12
Credit: Sowhat
Risk: High
Local: Yes
Remote: Yes
CWE: CWE-119

CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

By Sowhat of Nevis Labs
Date: 2006.03.22

CVE: CVE-2006-0323
US CERT: VU#231028

Vendor
RealNetworks Inc.

Products affected:

Windows
RealPlayer 8
RealOne Player & RealOne Player V2
RealPlayer 10
RealPlayer 10.5

Macintosh
RealOne Player
RealPlayer 10

Linux
RealPlayer 10

Overview:

RealPlayer is an application for playing various media formats, developed by RealNetworks Inc. For more information, visit

Details:

Multiple vulnerabilities were found in swfformat.dll. A carefully crafted .swf file may execute arbitrary code or crash RealPlayer.

By persuading a user to access a specially crafted SWF file with RealPlayer, a remote attacker may be able to execute arbitrary code. These vulnerabilities can also be triggered remotely through ActiveX in IE.

By setting the size of SWF files to a value smaller than the actual size, you can trigger one of the vulnerabilities. Actually, there are multiple holes that have been fixed in swfformat.dll.

POC:

No PoC will be released for this.

FIX:

Vendor Response:

2005.10.07 Vendor notified via email
2005.10.07 Vendor responded
2005.03.22 Patch released
2006.04.11 Advisory released

Common Vulnerabilities and Exposures (CVE) Information:

The Common Vulnerabilities and Exposures (CVE) project has assigned the following names to these issues. These are candidates for inclusion in the CVE list (, which standardizes names for security problems.

CVE-2006-0323

Greetings to Paul Gese (at) real (dot) com [email concealed], Chi, OYXin, Narasimha Datta and all Nevis Labs guys.

--
Sowhat
"Life is like a bug, Do you know how to exploit it ?"
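A triage check built from the size mismatch described under Details, added here as an example and not code from the advisory or from RealNetworks: it compares the FileLength field in the SWF header with the real size of uncompressed (FWS) and zlib-compressed (CWS) files. The function names, the decompression cap and the sample buffers are assumptions constructed for illustration.

```python
import struct
import zlib

HEADER_LEN = 8               # "FWS"/"CWS" + version byte + uint32 FileLength
MAX_BODY = 64 * 1024 * 1024  # assumed cap on decompressed size (bomb guard)


def check_swf_length(data: bytes) -> str:
    """Compare the header's declared FileLength with the actual size."""
    if len(data) < HEADER_LEN or data[:3] not in (b"FWS", b"CWS"):
        return "not-swf"
    declared = struct.unpack_from("<I", data, 4)[0]  # little-endian
    if data[:3] == b"CWS":
        # FileLength counts the *uncompressed* file, header included.
        inflater = zlib.decompressobj()
        try:
            body = inflater.decompress(data[HEADER_LEN:], MAX_BODY)
        except zlib.error:
            return "corrupt-stream"
        if inflater.unconsumed_tail:
            return "too-large"
        actual = HEADER_LEN + len(body)
    else:
        actual = len(data)
    if declared < actual:
        return "declared-shorter"  # the condition the advisory describes
    if declared > actual:
        return "declared-longer"   # truncated or padded-length file
    return "ok"


def make_sample(declared: int, body: bytes, compressed: bool = False) -> bytes:
    """Build a constructed test buffer: header plus opaque body bytes."""
    sig = b"CWS" if compressed else b"FWS"
    payload = zlib.compress(body) if compressed else body
    return sig + bytes([8]) + struct.pack("<I", declared) + payload


if __name__ == "__main__":
    body = bytes(20)  # constructed placeholder body, not real SWF tags
    for name, buf in [("consistent", make_sample(28, body)),
                      ("short header", make_sample(12, body)),
                      ("compressed", make_sample(12, body, compressed=True))]:
        print(name, "->", check_swf_length(buf))
```

Files reported as `declared-shorter` are candidates for quarantine at a mail or web gateway before they reach an unpatched player.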
