RealNetworks RealPlayer IERPPLUG.DLL ActiveX Control Remote Denial of Service Vulnerability

Bugtraq ID:	21802
Class:	Failure to Handle Exceptional Conditions
CVE:
Remote:	Yes
Local:	No
Published:	Dec 28 2006 12:00AM
Updated:	Jan 04 2007 06:27PM
Credit:	shinnai <[email protected]> discovered this vulnerability.
Vulnerable:	RealNetworks RealPlayer 10.5 v6.0.12.1483 RealNetworks RealPlayer 10.5 v6.0.12.1348 RealNetworks RealPlayer 10.5 v6.0.12.1235 RealNetworks RealPlayer 10.5 v6.0.12.1069 RealNetworks RealPlayer 10.5 v6.0.12.1059 RealNetworks RealPlayer 10.5 v6.0.12.1056 RealNetworks RealPlayer 10.5 v6.0.12.1053 RealNetworks RealPlayer 10.5 v6.0.12.1040 RealNetworks RealPlayer 10.5 Beta v6.0.12.1016 RealNetworks RealPlayer 10.5
Not Vulnerable:

RealNetworks RealPlayer IERPPLUG.DLL ActiveX Control Remote Denial of Service Vulnerability

RealNetworks RealPlayer is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to trigger denial-of-service conditions in Internet Explorer or other applications that use the vulnerable ActiveX control.

RealPlayer version 10.5 is vulnerable to this issue; other versions may also be affected.

RealNetworks RealPlayer IERPPLUG.DLL ActiveX Control Remote Denial of Service Vulnerability

An example exploit has been provided:

• /data/vulnerabilities/exploits/21802.html

RealNetworks RealPlayer IERPPLUG.DLL ActiveX Control Remote Denial of Service Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].

RealNetworks RealPlayer IERPPLUG.DLL ActiveX Control Remote Denial of Service Vulnerability

References:

• Microsoft Knowledge Base Article 240797 (Microsoft)
  
• RealPlayer Homepage (Real Networks)