The Exploit Database is a repository for exploits and Lists, as well as other public sources, and present them in a freely-available andĮasy-to-navigate database. The most comprehensive collection of exploits gathered through direct submissions, mailing
REALPLAYER 16.0.3.51 FREE DOWNLOAD ARCHIVE
Non-profit project that is provided as a public service by Offensive Security.Ĭompliant archive of public exploits and corresponding vulnerable software,ĭeveloped for use by penetration testers and vulnerability researchers. That provides various Information Security Certifications as well as high end penetration testing services. The Exploit Database is maintained by Offensive Security, an information security training company
REALPLAYER 16.0.3.51 FREE DOWNLOAD CODE
The PoC will drop 'shdoclc.dll' (has simple code to run 'cmd.exe' at 'DllMain()' for demonstration purposes) to the user´s 'windowsapps' folder and 'write.exe' to 'startup' folder, so it works universally (any Windows version from at least XP up to 11) The directory 'appdata' must be placed in the share's root. The attacker needs to host the files to be copied/downloaded in an SMB or WebDav share. Until reboot (true when file is planted in 'startup' folder). Additionally when opening new windows, Real Player looks for an old, obsolete IE library (shdoclc.dll), which can also be abused to run code automatically without needing to wait Even though it displays an error because it cannot render the downloaded file, the file remains until the userĬloses the dialog box. Additionally it does not properly sanitize file pathsĪllowing planting of arbitrary files on arbitrary locations.
Which could be unsafe as only audio/image/video types should be allowed to download to the user´s disk. The 'Import()' method is handled in unsafe way regarding the 'Copy to My Music' parameter, which allows for arbitrary file types downloading The 'external' object and it exposes several custom methods and properties. Real Player uses Microsoft Internet Explorer functionality and exposes properties and methods through a special mean which is application specific:
# Exploit Title: Real Player 16.0.3.51 - 'external::Import()' Directory Traversal to Remote Code Execution (RCE)
0 kommentar(er)
