realpdos_au.txt
Posted on 03 December 2007
Type     : DOS attack when processing a malformed AU file.
Affected : Realplayer 11 ActiveX on Win Vista and Win XP SP2
Date     : 01-12-2007
Author   : Adonis, Abed safehack.com
Link     : http://www.safehack.com/Advisory/realpdos_au.txt

Disclaimer
----------
The information in this text is believed to be true based on experiments
though it may be false. This material is presented for informational
purposes ONLY. We do not accept any liability for anything anyone does
with this Information.

Brief History
-------------
Link : http://www.safehack.com/Advisory/realpdos_au.txt

RealPlayer 11 is prone to a denial-of-service vulnerability when
processing a malformed AU file. A remote attacker can exploit this issue
to crash the affected application, denying service to legitimate users.

The Problem
-----------
Instructions:
:
: 630A87D5 894E 76    MOV DWORD PTR DS:[ESI+76],ECX
: 630A87D8 1BDB       SBB EBX,EBX
: 630A87DA 83E3 03    AND EBX,3
: 630A87DD 83C3 08    ADD EBX,8
: 630A87E0 0FAFFB     IMUL EDI,EBX
: 630A87E3 D1E7       SHL EDI,1
: 630A87E5 33D2       XOR EDX,EDX
: 630A87E7 F7F7       DIV EDI   <- division by zero, crash
:
:
:
Registers:
:
:
EAX 00000000
ECX 00000000
EDX 00000000
EBX 0000000B
ESP 07F5FE14
EBP 07F5FE24
ESI 01DE0E48
EDI 00000000
EIP 630A87E7 pnen3260.630A87E7

Hex Dump:
00411000 00 00 00 00 9C CF 40 00 ....
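
Added example (not part of the original advisory and not RealPlayer's code): a defensive AU header check in C that proves every divisor non-zero before dividing, the check that is absent ahead of the DIV EDI above. The advisory does not say which header field produces the zero, so the function name au_frames, the status codes and the set of fields validated are assumptions based on the standard Sun/NeXT AU header layout.

```c
#include <stdint.h>
#include <stddef.h>

/* Sun/NeXT .au header: six big-endian 32-bit words. */
#define AU_MAGIC   0x2E736E64u  /* ".snd" */
#define AU_HDR_MIN 24u

enum au_status { AU_OK = 0, AU_TRUNCATED, AU_BAD_MAGIC, AU_BAD_OFFSET,
                 AU_BAD_ENCODING, AU_ZERO_RATE, AU_ZERO_CHANNELS, AU_OVERFLOW };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Bytes per sample for the common encodings; 0 means unsupported. */
static uint32_t au_sample_bytes(uint32_t enc) {
    switch (enc) {
    case 1: case 2: case 27: return 1;  /* mu-law, 8-bit PCM, A-law */
    case 3: return 2;                   /* 16-bit PCM */
    case 4: return 3;                   /* 24-bit PCM */
    case 5: case 6: return 4;           /* 32-bit PCM, 32-bit float */
    case 7: return 8;                   /* 64-bit float */
    default: return 0;
    }
}

/* Hypothetical helper: validates the header and computes the frame count.
   Every value later used as a divisor is proven non-zero first. */
enum au_status au_frames(const uint8_t *buf, size_t len, uint64_t *frames) {
    if (len < AU_HDR_MIN) return AU_TRUNCATED;
    if (be32(buf) != AU_MAGIC) return AU_BAD_MAGIC;
    uint32_t offset = be32(buf + 4), size = be32(buf + 8);
    uint32_t bytes = au_sample_bytes(be32(buf + 12));
    uint32_t rate = be32(buf + 16), channels = be32(buf + 20);
    if (offset < AU_HDR_MIN || offset > len) return AU_BAD_OFFSET;
    if (bytes == 0) return AU_BAD_ENCODING;
    if (rate == 0) return AU_ZERO_RATE;
    if (channels == 0) return AU_ZERO_CHANNELS;
    /* Multiply in 64 bits: a 32-bit IMUL/SHL can wrap a non-zero product to 0. */
    uint64_t frame_bytes = (uint64_t)bytes * channels;
    if (frame_bytes > UINT32_MAX) return AU_OVERFLOW;
    /* 0xFFFFFFFF means "size unknown": use the bytes actually present. */
    uint64_t avail = len - offset;
    uint64_t data = (size == 0xFFFFFFFFu || size > avail) ? avail : size;
    *frames = data / frame_bytes;       /* divisor checked above */
    return AU_OK;
}
```

The 64-bit multiply matters as much as the zero checks: the crashing sequence computes its divisor with 32-bit IMUL and SHL, where non-zero inputs can still wrap to zero.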