Vulnerability & Exploit Database

Back to search

RealPlayer RealMedia File Handling Buffer Overflow

This module exploits a stack based buffer overflow on RealPlayer <= The vulnerability exists in the handling of real media files, due to the insecure usage of the GetPrivateProfileString function to retrieve the URL property from an InternetShortcut section. This module generates a malicious rm file which must be opened with RealPlayer via drag and drop or double click methods. It has been tested successfully on Windows XP SP3 with RealPlayer

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name



  • suto <suto [at]>



  • Windows XP SP3 / Real Player


  • windows



Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/windows/fileformat/real_player_url_property_bof msf exploit(real_player_url_property_bof) > show targets ...targets... msf exploit(real_player_url_property_bof) > set TARGET <target-id> msf exploit(real_player_url_property_bof) > show options and set options... msf exploit(real_player_url_property_bof) > exploit