CVE ID | CVE-2009-4242 |
CVSS SCORE | 10.0, AV:N/AC:L/Au:N/C:C/I:C/A:C |
AFFECTED VENDORS |
RealNetworks |
AFFECTED PRODUCTS |
RealPlayer |
VULNERABILITY DETAILS |
This vulnerability allows remote attackers to execute code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a user must open a malicious file or visit a malicious web site. The specific flaw exists during the parsing of GIF files with forged chunk sizes. The player uses values from the file improperly when allocating a buffer on the heap. An attacker can abuse this to create and then overflow heap buffers, leading to arbitrary code execution in the context of the currently logged-in user. |
ADDITIONAL DETAILS |
RealNetworks has issued an update to correct this vulnerability. More details can be found at:
http://service.real.com/realplayer/security/01192010_player/en/ |
DISCLOSURE TIMELINE |
|
CREDIT | Anonymous |
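
The vulnerability details above describe a heap buffer sized from length values taken from the file. The following is an added example, not RealPlayer's code and not part of the original advisory, showing the defensive pattern for that bug class on GIF data sub-blocks (a 1-byte size, that many bytes, a zero size as terminator): validate every declared size against the bytes actually remaining, then allocate from the validated total. The advisory does not say which field was affected; the function names `subblock_total` and `subblock_read` and the sample byte arrays are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample inputs (not taken from any real file). */
static const uint8_t GOOD[]    = {3, 'a', 'b', 'c', 2, 'd', 'e', 0};
static const uint8_t FORGED[]  = {3, 'a', 'b', 'c', 200, 'd', 'e', 0}; /* claims 200, 3 bytes remain */
static const uint8_t NO_TERM[] = {2, 'a', 'b'};                        /* terminator missing */

/* Pass 1: walk the chain and sum the payload length. Fails (-1) if a declared
 * size runs past the end of the input or the zero terminator is never found. */
static int subblock_total(const uint8_t *buf, size_t len, size_t off, size_t *total)
{
    size_t sum = 0;
    while (off < len) {
        size_t n = buf[off++];
        if (n == 0) { *total = sum; return 0; }
        if (n > len - off) return -1;      /* forged size: more than remains */
        sum += n;
        off += n;
    }
    return -1;
}

/* Pass 2: allocate from the validated total, then copy. NULL on bad input. */
static uint8_t *subblock_read(const uint8_t *buf, size_t len, size_t off, size_t *out_len)
{
    size_t total, w = 0;
    if (subblock_total(buf, len, off, &total) != 0) return NULL;
    uint8_t *out = malloc(total ? total : 1);
    if (!out) return NULL;
    for (size_t n; (n = buf[off++]) != 0; off += n) {  /* sizes already checked */
        memcpy(out + w, buf + off, n);
        w += n;
    }
    *out_len = w;
    return out;
}

int main(void)
{
    size_t n = 0;
    uint8_t *p = subblock_read(GOOD, sizeof GOOD, 0, &n);
    printf("good: %zu bytes\n", p ? n : (size_t)0);
    printf("forged: %s\n", subblock_read(FORGED, sizeof FORGED, 0, &n) ? "accepted" : "rejected");
    free(p);
    return 0;
}
```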