vendor:
Realplayer
by:
Jon Hart
5.5
CVSS
MEDIUM
Local privilege escalation
269
CWE
Product Name: Realplayer
Affected Version From: Realplayer version 9
Affected Version To: Realplayer version 9
Patch Exists: NO
Related CWE:
CPE: a:realnetworks:realplayer:9
Platforms Tested:
Unknown
rp9-priv-esc.c
A local privilege escalation attack against the community supported version of Real.com's Realplayer, version 9. By default, configuration files are stored in ~$USER/.realnetworks/ and are group writeable. A malicious local user can edit the config files of fellow users to perform unauthorized actions. The attack involves modifying the path to shared libraries and writing malicious shared libraries.
Mitigation:
Ensure that configuration files are not group writeable and restrict execution permissions for users. Regularly update Realplayer to the latest version to prevent known vulnerabilities.
