Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 9.3
CVE Id CVE-2008-1309
Last Modified 16 Jun 2011 12:00:00
Published 12 Mar 2008 01:44:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1309

Summary

The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory.

Vulnerable Systems

Application

  • Realnetworks Realplayer

  • Realnetworks Realplayer 10.0

  • Realnetworks Realplayer 10.5

  • Realnetworks Realplayer 11


References

CERT-VN - VU#831457

XF - realplayer-realaudioobjects-bo(41087)

XF - realplayer-realaudioobjects-code-execution(41087)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-08-047/

VUPEN - ADV-2008-2194

VUPEN - ADV-2008-0842

SECTRACK - 1020563

SECTRACK - 1019576

BID - 28157

BUGTRAQ - 20080725 ZDI-08-047: RealNetworks RealPlayer rmoc3260 ActiveX Control Memory Corruption Vulnerability

MILW0RM - 5332

CONFIRM - http://service.real.com/realplayer/security/07252008_player/en/

SECUNIA - 29315

FULLDISC - 20080310 Real Networks RealPlayer ActiveX Control Heap Corruption


Last Updated: 27 May 2016 10:47:06