eEye.vidplin.txt...

- AV AC AU C I A
发布: 2005-06-24
修订: 2022-12-19

eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in RealPlayer. The vulnerability allows a remote attacker to reliably overwrite heap memory with arbitrary data and execute arbitrary code in the context of the user who executed the player. This specific flaw exists within the vidplin.dll file used by RealPlayer. By specially crafting a malformed .avi movie file, a direct heap overwrite is triggered, and reliable code execution is then possible. This vulnerability can be trigger when a user views a webpage, or opens an .avi file via email, instant messenger, or other common file transfer programs.

0%
暂无可用Exp或PoC
当前有0条受影响产品信息