Forum - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

RealPlayer multiple security vulnerabilities
updated since 25.07.2008
Published: 31.07.2008
Source: BUGTRAQ
SecurityVulns ID: 9172
Type: client
Level: 6/10
Description: Buffer overflow on SWF files parsing. ActiveX memory corruption. ActiveX arbitrary files deletion.

Affected: REAL : RealPlayer 10.5
CVE: CVE-2008-3064
CVE-2008-1309 (The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll 6.0.10.45 in RealNetworks RealPlayer 11.0.1 build 6.0.14.794 does not properly manage memory for the Console property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory. NOTE: some of these details are obtained from third party information.)

Original document cocoruder, RealNetworks RealPlayer ActiveX Illegal Resource Reference Vulnerability (31.07.2008)

ZDI, http://www.zerodayinitiative.com/advisories/ZDI-08-046 (26.07.2008)

ZDI, ZDI-08-047: RealNetworks RealPlayer rmoc3260 ActiveX Control Memory Corruption Vulnerability (26.07.2008)

document SECUNIA, Secunia Research: RealPlayer SWF Frame Handling Buffer Overflow (25.07.2008)

Discuss: Read or add your comments to this news (0 comments)

Show		Threads
		Messages

Main Forum (Eng) General security questions not appropriate for another forums.	3proxy Forum (Eng) All 3proxy question must be posted to this forum.	Bugs, Vulnerabilities, PoCs and Exploits (Eng) All vulnerability related questions, vulnerability digging and exploit creation.	Windows programming and administration (Eng) Administering Windows and application development.	Unix programming and administation (Eng) Administering Unix and application development.	Test forum Please post all test messages here. All test messages from different forums will be deteted.
Main Forum (Rus)	3proxy Forum (Rus)	Bugs, Vulnerabilities, PoCs and Exploits (Rus)	Windows programming and administration (Rus)	Unix programming and administation (Rus)