Full title: RealPlayer RealMedia File Handling Buffer Overflow Category: remote exploits Platform: windows This Metasploit module exploits a stack based buffer overflow on RealPlayer versions 15.0.6.14 and below. The vulnerability exists in the handling of real media files, due to the insecure usage of the GetPrivateProfileString function to retrieve the URL property from an InternetShortcut section. This Metasploit module generates a malicious rm file which must be opened with RealPlayer via drag and drop or double click methods. It has been tested successfully on Windows XP SP3 with RealPlayer 15.0.5.109. # 0day.today @ http://0day.today/