=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2011/VULN065
_____________________________________________________________________

DATE                      : 28/01/2011

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running RealPlayer versions 11.0, 11.1,
                             14.0.0, 14.0.1, SP 1.0 up to and including 1.1.5.

======================================================================
http://www.zerodayinitiative.com/advisories/ZDI-11-033/
______________________________________________________________________

Realplayer vidplin.dll AVI Parsing Remote Code Execution Vulnerability
ZDI-11-033: January 27th, 2011

CVE ID

      CVE-2010-4393

CVSS Score

      9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)

Affected Vendors

      RealNetworks

Affected Products

      RealPlayer

TippingPoint IPS Customer Protection
TippingPoint IPS customers are protected against this vulnerability by Digital
Vaccine protection filter ID 10640. For further product information on the
TippingPoint IPS:

      http://www.tippingpoint.com

Vulnerability Details

This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Realnetworks Realplayer SP. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.

The specific flaw exists within the vidplin.dll module. A buffer is allocated
according to the user supplied length value. User supplied data is then copied
into the allocated buffer, without verifying length, allowing the data to be
written past the bounds of the previously allocated buffer. A remote attacker
can exploit this vulnerability to execute arbitrary code under the context of
the user running RealPlayer.

Vendor Response
RealNetworks has issued an update to correct this vulnerability. More details
can be found at:

      http://service.real.com/realplayer/security/01272011_player/en/

Disclosure Timeline

      2010-09-14 - Vulnerability reported to vendor
      2011-01-27 - Coordinated public release of advisory

Credit
This vulnerability was discovered by:

      Juan Pablo Lopez Yacubian


======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================