Computer Security
[EN] no-pyccku

RealPlayer multiple security vulnerabilities
updated since 25.07.2008
SecurityVulns ID:9172
Threat Level:
Description:Buffer overflow on SWF files parsing. ActiveX memory corruption. ActiveX arbitrary files deletion.
Affected:REAL : RealPlayer 10.5
CVE:CVE-2008-3064 (Unspecified vulnerability in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build has unknown impact and attack vectors, probably related to accessing local files, aka a "Local resource reference vulnerability.")
 CVE-2008-1309 (The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer 11.0.1 build does not properly manage memory for the Console property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory. NOTE: some of these details are obtained from third party information.)
Original documentdocumentcocoruder, RealNetworks RealPlayer ActiveX Illegal Resource Reference Vulnerability (31.07.2008)
 documentZDI, (26.07.2008)
 documentZDI, ZDI-08-047: RealNetworks RealPlayer rmoc3260 ActiveX Control Memory Corruption Vulnerability (26.07.2008)
 documentSECUNIA, Secunia Research: RealPlayer SWF Frame Handling Buffer Overflow (25.07.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod