Edubr2020/RP_RecordClip_DLL_Hijack

Remote DLL Hijack Vulnerability in Real Player (CVE-2022-32291)

The Player application (which is vulnerable upon starting Real Converter) and the Recording Manager are prone to a remote DLL hijack (binary planting) issue because they search unsafely for DLLs that do not exist. To exploit the issue, an attacker would have to convince the target to open a media file from a WebDAV or SMB share.

For Real Player prior to V.20.1.0.312:

Edit the RAM file and the HTML file, replacing "%server%" with the actual server host name or IP and "%share%" with the actual share name. The target needs to open the RAM file, which also invokes the HTML file containing code that invokes the Recording Manager app; the DLL is loaded instantly and code runs from the "DllMain()" function.

For RP V.20.1.0.312 and above (includes v.22.0.2.306):

Just edit the RAM file 'start_RP_V.20.1.0.312.ram', replacing "%server%" with the actual server host name or IP and "%share%" with the actual share name. When the target opens the RAM file, there is a short wait before the DLL is loaded.

DLL names: pnrs3260.dll, mediautil.dll

Edit: After nearly a year, RealNetworks did not patch such a simple but dangerous vulnerability in their software.
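For defenders, a detection sketch for the behaviour described above: it flags image-load events where a DLL is mapped from a UNC (SMB or WebDAV) path and raises the severity for the two DLL names listed on this page. This is an added example, not code from this repository; the `Image`/`ImageLoaded` field names follow Sysmon Event ID 7, and the process path, hosts and events are constructed.

```python
import ntpath
import re

# DLL names this page lists as the ones searched for unsafely.
PAGE_DLLS = {"pnrs3260.dll", "mediautil.dll"}

# \\host\share\... and \\?\UNC\host\share\... (host "?" or "." is a local device path).
_UNC = re.compile(r"^\\\\(?:\?\\UNC\\)?(?P<host>[^\\]+)\\(?P<share>[^\\]+)\\", re.I)


def classify_load(event):
    """Return a finding for a DLL mapped from a remote share, else None."""
    path = event["ImageLoaded"]
    m = _UNC.match(path)
    if not m or m.group("host") in ("?", "."):
        return None
    host, share = m.group("host"), m.group("share")
    # The WebDAV redirector writes host@SSL / host@port or a DavWWWRoot share;
    # a plain \\host\share path is reported as SMB although it can fall back to WebDAV.
    webdav = "@" in host or share.lower() == "davwwwroot"
    dll = ntpath.basename(path).lower()
    return {
        "process": event["Image"],
        "dll": dll,
        "host": host.split("@")[0],
        "transport": "webdav" if webdav else "smb",
        "severity": "high" if dll in PAGE_DLLS else "medium",
    }


def scan(events):
    """Return findings for every remote DLL load in an iterable of events."""
    return [f for f in map(classify_load, events) if f is not None]


# Constructed sample events; PLAYER is a hypothetical process path.
PLAYER = r"C:\Program Files\ExamplePlayer\player.exe"
SAMPLE_EVENTS = [
    {"Image": PLAYER, "ImageLoaded": r"\\203.0.113.10\media\pnrs3260.dll"},
    {"Image": PLAYER, "ImageLoaded": r"\\files.example.test@SSL\DavWWWRoot\clips\mediautil.dll"},
    {"Image": PLAYER, "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    {"Image": PLAYER, "ImageLoaded": r"\\?\C:\Program Files\ExamplePlayer\mediautil.dll"},
    {"Image": PLAYER, "ImageLoaded": r"\\fileserver\tools\helper.dll"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Loads from a share mapped to a drive letter do not appear as UNC paths and are outside what this check covers.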
