Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3066

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-3066
Last Modified 07 Mar 2011 10:10:09
Published 28 Jul 2008 01:41:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3066

Summary

Stack-based buffer overflow in a certain ActiveX control in rjbdll.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 allows remote attackers to execute arbitrary code by importing a file into a media library and then deleting this file.

Vulnerable Systems

Application

  • Realplayer 10.0

  • Realplayer 10.5


References

CERT-VN - VU#461187

XF - realplayer-rjbdll-activex-bo(44013)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-08-046/

VUPEN - ADV-2008-2194

BID - 30379

BID - 30376

BUGTRAQ - 20080725 http://www.zerodayinitiative.com/advisories/ZDI-08-046

CONFIRM - http://service.real.com/realplayer/security/07252008_player/en/

SECTRACK - 1020565


Last Updated: 27 May 2016 10:48:04