Info

Disclosure

Dec 16, 2008

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote/local overflow exists in Realtek Media Player (rtlrack.exe). The media player fails to properly bounds check '.pla' files resulting in a stack-based buffer overflow. With a specially crafted file, an attacker can cause arbitrary code execution resulting in a loss of confidentiality, integrity, and/or availability.

Classification

Location: Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified, Uncoordinated Disclosure

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Realtek Semiconductor Corporation

Realtek Media Player

A4.06

References

CVE ID: 2008-5664 (see also: NVD)
Bugtraq ID: 32860
Secunia Advisory ID: 33183
ISS X-Force ID: 47380
Metasploit ID: 50715
Milw0rm: 7492
Exploit Database: 7492
VUPEN Advisory: ADV-2008-3446
Other Advisory URL: http://securityreason.com/securityalert/4783
http://www.shinnai.net/xplits/TXT_n7dMz2jBQsDJFtplslYw.html
Vendor URL: http://www.realtek.com.tw/downloads/downloadsCheck.aspx?Langid=1&PNid=23&PFid=23&Level=4&Conn=3&DownTypeID=3&GetDown=false#AC

Credit

shinnai - shinnaiautistici.org -

Direct URL: http://osvdb.org/50715