RealPlayer Watch Folders Function Buffer Overflow Vulnerability (Windows) Network Vulnerability

Summary

This host is installed with RealPlayer and is prone to buffer overflow vulnerability.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code on the system. Impact Level: System/Application

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

The 'Watch Folders' function fails to process an overly long directory path, which can be exploited to cause stack-based buffer overflow via a crafted ZIP file.

Affected

RealPlayer version 15.0.5.109

References

http://packetstormsecurity.org/files/117691/Realplayer-Watchfolders-Long-Filepath-Overflow.html
http://seclists.org/fulldisclosure/2012/Oct/189
http://www.osvdb.org/86721
http://www.reactionpenetrationtesting.co.uk/realplayer-watchfolders.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-4987
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

VLC Media Player '.RM' File BOF Vulnerability (Linux)
SquidGuard Multiple Buffer Overflow Vulnerabilities
Firebird Relational Database CNCT Group Number Buffer Overflow Vulnerability (Win)
IrfanView Buffer Overflow Vulnerabilities
VLC Media Player Stack Overflow Vulnerability (Win-Mar09)

Take action and discover your vulnerabilities