Realplayer .SWF Multiple Remote Memory Corruption Vulnerabilities
By Sowhat of Nevis Labs
US CERT: VU#231028
RealOne Player & RealOne Player V2
RealPlayer is an application for playing various media formats,
developed by RealNetworks Inc. For more information, visit
There are multiple vulnerabilities found in swfformat.dll.
A carefully crafted .swf file may execute arbitrary code or crash the
By persuading a user to access a specially crafted SWF file with RealPlayer,
a remote attacker may be able to execute arbitrary code.
And also, these vulnerabilities can be triggered remotely through ActiveX
By setting the size of SWF files to a value smaller than the actual size,
you can trigger one of the vulnerabilities.
Actually, there are multiple holes that have been fixed in swfformat.dll.
No PoC will be released for this.
2005.10.07 Vendor notified via email
2005.10.07 Vendor responded
2005.03.22 Patch released
2006.04.11 Advisory released
Common Vulnerabilities and Exposures (CVE) Information:
The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues. These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.
Greetings to Paul Gese@real.com, Chi, OYXin, Narasimha Datta and all
Nevis Labs guys.
"Life is like a bug, Do you know how to exploit it ?"