CVE ID | CVE-2011-4262 |
CVSS SCORE | 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P |
AFFECTED VENDORS |
RealNetworks |
AFFECTED PRODUCTS |
RealPlayer |
TREND MICRO CUSTOMER PROTECTION | Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID ['12151']. For further product information on the TippingPoint IPS: http://www.tippingpoint.com |
VULNERABILITY DETAILS |
The specific flaw exists within mp4fformat. The vulnerability resides in adding 1 to a trusted size value being taken out of the file data. The size value is then used in an operator_new call. This can be leveraged when the pointer returned from the operator_new is used in a memcpy as the destination buffer pointer. This vulnerability can result in remote code execution under the context of the user running the application. |
ADDITIONAL DETAILS |
RealNetworks has issued an update to correct this vulnerability. More details can be found at:
http://service.real.com/realplayer/security/11182011_player/en/ |
DISCLOSURE TIMELINE |
|
CREDIT | Alexander Gavrun |