RealPlayer multiple security vulnerabilities updated since 25.07.2008
Published:		31.07.2008
Source:		BUGTRAQ
SecurityVulns ID:		9172
Type:		client
Level:		6/10
Description:		Buffer overflow on SWF files parsing. ActiveX memory corruption. ActiveX arbitrary files deletion.

Affected:		REAL : RealPlayer 10.5
CVE:		CVE-2008-3064
		CVE-2008-1309 (The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll 6.0.10.45 in RealNetworks RealPlayer 11.0.1 build 6.0.14.794 does not properly manage memory for the Console property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory. NOTE: some of these details are obtained from third party information.)

Original document		cocoruder, RealNetworks RealPlayer ActiveX Illegal Resource Reference Vulnerability (31.07.2008)
		ZDI, http://www.zerodayinitiative.com/advisories/ZDI-08-046 (26.07.2008)
		ZDI, ZDI-08-047: RealNetworks RealPlayer rmoc3260 ActiveX Control Memory Corruption Vulnerability (26.07.2008)
		SECUNIA, Secunia Research: RealPlayer SWF Frame Handling Buffer Overflow (25.07.2008)

Discuss:

Read or add your comments to this news (0 comments)