Signature Detail

APP: Real Networks RealPlayer 'qcpfformat.dll' Remote Code Execution

This signature detects attempts to exploit a known flaw in Real Networks RealPlayer. Versions 14.0.6 and below are affected. A successful attack results in arbitrary code execution with the privileges of the targeted user, possibly an administrator. Both Core IMPACT and Metasploit Framework have exploit modules for this vulnerability.

Extended Description

Real Networks RealPlayer is prone to a remote code-execution vulnerability. Successful exploits will allow remote attackers to execute arbitrary code within the context of the affected application. Failed attacks may cause denial-of-service conditions. Versions prior to RealPlayer for Windows 14.0.6 are vulnerable. NOTE: This issue was previously discussed in BID 49169 (Real Networks RealPlayer Multiple Remote Vulnerabilities) but has been given its own record to better document it.

Affected Products

• Real Networks RealPlayer 11.0.1
• Real Networks RealPlayer 11.0.2
• Real Networks RealPlayer 11.0.2.1744
• Real Networks RealPlayer 11.0.2.2315
• Real Networks RealPlayer 11.0.3
• Real Networks RealPlayer 11.0.4
• Real Networks RealPlayer 11.0.5
• Real Networks RealPlayer 11.1
• Real Networks RealPlayer 14.0.0
• Real Networks RealPlayer 14.0.1
• Real Networks RealPlayer 14.0.1.609
• Real Networks RealPlayer 14.0.1.633
• Real Networks RealPlayer 14.0.2
• Real Networks RealPlayer 14.0.2.633
• Real Networks RealPlayer 14.0.3
• Real Networks RealPlayer 14.0.5
• Real Networks RealPlayer SP 1.0.0
• Real Networks RealPlayer SP 1.0.1
• Real Networks RealPlayer SP 1.0.2
• Real Networks RealPlayer SP 1.0.5
• Real Networks RealPlayer SP 1.1
• Real Networks RealPlayer SP 1.1.1
• Real Networks RealPlayer SP 1.1.2
• Real Networks RealPlayer SP 1.1.3
• Real Networks RealPlayer SP 1.1.4
• Real Networks RealPlayer SP 1.1.5

References

• BugTraq: 49172
• CVE: CVE-2011-2950
• URL: http://en.wikipedia.org/wiki/QCP
• URL: http://service.real.com/realplayer/security/08162011_player/en/