CVE ID | CVE-2012-0924 |
CVSS SCORE | 9.0, AV:N/AC:L/Au:N/C:P/I:P/A:C |
AFFECTED VENDORS | RealNetworks |
AFFECTED PRODUCTS | RealPlayer |
VULNERABILITY DETAILS | The flaw exists within dmp4.dll, specifically in the decoding of an MPEG stream. When encountering a VIDOBJ_START_CODE object, the process improperly validates the size of the destination buffer used for rendering. The contents of a decoded frame are copied to this region, which can result in heap corruption if the decoded frame size exceeds the size of this region. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process. |
ADDITIONAL DETAILS | RealNetworks has issued an update to correct this vulnerability. More details can be found at: http://service.real.com/realplayer/security/02062012_player/en/ |
DISCLOSURE TIMELINE |
|
CREDIT | Luigi Auriemma |
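
The bug class described under VULNERABILITY DETAILS comes down to copying a decoded frame into a render region without comparing the frame's size to the region's allocated size. The following is an added example of the defensive check, not code from RealPlayer or from the advisory; the structure names, function names, and the 4-byte pixel format are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define BYTES_PER_PIXEL 4u  /* assumed output pixel format */

/* Hypothetical structures for illustration; not RealPlayer's own. */
typedef struct { uint8_t *pixels; size_t capacity; } render_buf;
typedef struct { uint32_t width, height; const uint8_t *data; } decoded_frame;

/* Size of the frame in bytes, computed without integer wrap-around. */
static int frame_bytes(const decoded_frame *f, size_t *out) {
    if (f->width == 0 || f->height == 0) return -1;
    if (f->width > SIZE_MAX / BYTES_PER_PIXEL) return -1;
    size_t row = (size_t)f->width * BYTES_PER_PIXEL;
    if (f->height > SIZE_MAX / row) return -1;
    *out = row * f->height;
    return 0;
}

/* Copy a decoded frame into the render region only if it fits. */
int blit_frame(render_buf *dst, const decoded_frame *f) {
    size_t need;
    if (!dst || !dst->pixels || !f || !f->data) return -1;
    if (frame_bytes(f, &need) != 0) return -1;
    if (need > dst->capacity) return -1;  /* reject instead of overflowing the heap */
    memcpy(dst->pixels, f->data, need);
    return 0;
}

/* Constructed harness: render region sized for buf_w x buf_h, stream then
 * announces frame_w x frame_h. Returns blit_frame's result, -2 on setup failure. */
int try_frame(uint32_t buf_w, uint32_t buf_h, uint32_t frame_w, uint32_t frame_h) {
    size_t cap = (size_t)buf_w * buf_h * BYTES_PER_PIXEL;
    render_buf dst = { calloc(1, cap), cap };
    uint8_t *src = calloc(1, cap);  /* only ever read when need <= cap */
    decoded_frame f = { frame_w, frame_h, src };
    int rc = (dst.pixels && src) ? blit_frame(&dst, &f) : -2;
    free(dst.pixels);
    free(src);
    return rc;
}

int main(void) {
    return (try_frame(16, 16, 16, 16) == 0 && try_frame(16, 16, 32, 32) == -1) ? 0 : 1;
}
```

The size comparison uses the capacity recorded at allocation time rather than dimensions re-read from the stream, so a later header that announces a larger frame cannot widen the copy.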