![]() ![]() If malicious data is placed in the ‘version’ or ‘encoding’ attribute inside the XML declaration of the RMP file, it can result in a crash or execution of arbitrary code.īelow is the view of the crafted RMP file in hex-editor having a malicious value in the ‘version’ attribute. The vulnerability is because of the way the ‘version’ and ‘encoding’ attributes in the XML declaration of an RMP (RIFF MP3 Audio File) file are handled. Affected versions of RealPlayer are before 17.0.4.61 on Windows systems. This flaw allows attackers to execute arbitrary code and take complete control of the system remotely. RealPlayer is vulnerable to multiple stack-based buffer overflow vulnerabilities ( CVE-2013-7260).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |