Hi Marc and all,

I have a question here.

> The code in pnen3260.dll among other things is responsible for handling
> .rm files. The vulnerability is triggered by setting the length field of
> the VIDORV30 data chunk to 0xFFFFFFF8 - 0xFFFFFFFF this will cause an
> integer overflow which leads to a small block of memory being allocated,
> we call this movie from a SMIL file to handle the initial exception,
> eventually overflowing the buffer.

I check the Real Media file format at:
http://home.pcisys.net/~melanson/codecs/rmff.htm

According to what I understand, a data chunk has a 4-byte object_id as "DATA". This makes me a little confused. What does a VIDORV30 data chunk mean? How do I differentiate a general data chunk from a VIDORV30 data chunk?

Thank you in advance for any advice.
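The length arithmetic in the quoted advisory text, as an added example that is not part of the original message and is not RealPlayer's code: a hypothetical parser that adds a fixed header size to a 32-bit length field, shown unchecked and with the bounds checks that reject the 0xFFFFFFF8 - 0xFFFFFFFF range. The 8-byte addend, the function names and the sample buffers are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: a fixed 8 bytes is added to the length field before allocating.
 * 8 is the smallest addend that wraps for every value 0xFFFFFFF8..0xFFFFFFFF. */
#define HDR_BYTES 8u

/* Unchecked form: 32-bit addition wraps, so a huge length yields a tiny size. */
uint32_t alloc_size_unchecked(uint32_t len_field) {
    return len_field + HDR_BYTES;
}

/* Checked form: 0 on success (size stored in *out), -1 if the field is rejected. */
int alloc_size_checked(uint32_t len_field, size_t remaining, uint32_t *out) {
    if (len_field > UINT32_MAX - HDR_BYTES) return -1; /* addition would wrap */
    if (len_field > remaining) return -1;   /* claims more bytes than are present */
    *out = len_field + HDR_BYTES;
    return 0;
}

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Hardened reader for a constructed layout: 4-byte big-endian length, then
 * payload. Returns a heap copy with HDR_BYTES of zeroed header space, or NULL. */
uint8_t *read_chunk(const uint8_t *buf, size_t buf_len, uint32_t *out_size) {
    uint32_t len, size;
    uint8_t *dst;
    if (buf_len < 4) return NULL;
    len = be32(buf);
    if (alloc_size_checked(len, buf_len - 4, &size) != 0) return NULL;
    dst = calloc(1, size);
    if (dst == NULL) return NULL;
    memcpy(dst + HDR_BYTES, buf + 4, len);  /* len <= remaining, size = len + 8 */
    *out_size = size;
    return dst;
}

int main(void) {
    const uint8_t bad[] = {0xFF, 0xFF, 0xFF, 0xF8, 'A', 'B', 'C'}; /* constructed */
    uint32_t size = 0;
    printf("unchecked size for 0xFFFFFFF8: %u\n",
           (unsigned)alloc_size_unchecked(0xFFFFFFF8u));
    printf("hardened reader accepts it: %s\n",
           read_chunk(bad, sizeof bad, &size) ? "yes" : "no");
    return 0;
}
```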