RealPlayer ierpplug.dll ActiveX Control Import Playlist Name Stack Buffer Overflow Vulnerability
BID:26130
Info
RealPlayer ierpplug.dll ActiveX Control Import Playlist Name Stack Buffer Overflow Vulnerability
| Bugtraq ID: | 26130 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-5601 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 18 2007 12:00AM |
| Updated: | Nov 07 2008 03:45PM |
| Credit: | The discoverer of this issue is currently anonymous. |
| Vulnerable: |
RealNetworks RealPlayer 10.5 RealNetworks RealPlayer 10.0 RealNetworks RealPlayer 11 Beta |
| Not Vulnerable: | |
Discussion
RealPlayer ierpplug.dll ActiveX Control Import Playlist Name Stack Buffer Overflow Vulnerability
RealPlayer is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks of user-supplied input before copying it to an insufficiently sized memory buffer.
Attackers can exploit this issue to execute arbitrary code in the context of the application using the affected control (typically Internet Explorer). Successful attacks can compromise the application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.
RealPlayer is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks of user-supplied input before copying it to an insufficiently sized memory buffer.
Attackers can exploit this issue to execute arbitrary code in the context of the application using the affected control (typically Internet Explorer). Successful attacks can compromise the application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.
Exploit / POC
RealPlayer ierpplug.dll ActiveX Control Import Playlist Name Stack Buffer Overflow Vulnerability
A reliable exploit has been released for Immunity CANVAS Early Updates.
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product.
The DeepSight Threat Analyst team has discovered evidence that this issue is being actively exploited in the wild.
The following exploit is available. Note that Symantec has not tested or verified this exploit. Always use caution when handling exploits.
A reliable exploit has been released for Immunity CANVAS Early Updates.
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product.
The DeepSight Threat Analyst team has discovered evidence that this issue is being actively exploited in the wild.
The following exploit is available. Note that Symantec has not tested or verified this exploit. Always use caution when handling exploits.
Solution / Fix
RealPlayer ierpplug.dll ActiveX Control Import Playlist Name Stack Buffer Overflow Vulnerability
Solution:
The vendor released updates to address this issue. Please see the references for more information.
RealNetworks RealPlayer 11 Beta
Solution:
The vendor released updates to address this issue. Please see the references for more information.
RealNetworks RealPlayer 11 Beta
-
Real Networks securitydb.rnx
http://service.real.com/realplayer/security/191007_player/en/securityd b.rnx
References
RealPlayer ierpplug.dll ActiveX Control Import Playlist Name Stack Buffer Overflow Vulnerability
References:
References:
- [Dailydave] Real Security (Dave Aitel)
- Chinese Weekend Compromise (Trend Micro)
- Home Page (Real Networks)
- JS_IFRAME.AD (Trend Micro)
- Microsoft Knowledge Base Article 240797 (Microsoft)
- RealPlayer Exploit On The Loose (Symantec)
- RealPlayer ierpplug.dll ActiveX Control BO Exploit Demo (CoffeeandSecurity )
- RealPlayer Security Vulnerability October 19, 2007 (Real Networks)
- Vulnerability Note VU#871673 (US-CERT)