RealNetworks RealPlayer 'rmoc3260.dll' ActiveX Control Multiple Memory Corruption Vulnerabilities
BID:30376
Info
| Bugtraq ID: | 30376 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2008-3066 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 25 2008 12:00AM |
| Updated: | May 07 2015 05:25PM |
| Credit: | Elazar Broad |
| Vulnerable: | RealNetworks rmoc3260.dll 6.0.10 .50; RealNetworks rmoc3260.dll 6.0.10 .45; RealNetworks RealPlayer Enterprise; RealNetworks RealPlayer 10 6.0.12 .1662; RealNetworks RealPlayer 11.0.2; RealNetworks RealPlayer 10.5 v6.0.12.1483; RealNetworks RealPlayer 10.5 v6.0.12.1348; RealNetworks RealPlayer 10.5 v6.0.12.1235; RealNetworks RealPlayer 10.5 v6.0.12.1069; RealNetworks RealPlayer 10.5 v6.0.12.1059; RealNetworks RealPlayer 10.5 v6.0.12.1056; RealNetworks RealPlayer 10.5 v6.0.12.1053; RealNetworks RealPlayer 10.5 v6.0.12.1040; RealNetworks RealPlayer 10.5; RealNetworks RealPlayer 10.0; RealNetworks RealPlayer 11 |
| Not Vulnerable: | |
Discussion
RealNetworks RealPlayer 'rmoc3260.dll' ActiveX control is prone to multiple heap-based memory-corruption vulnerabilities.
Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the affected ActiveX control. Failed exploit attempts will likely crash the application.
The following versions are vulnerable:
RealPlayer 11.0.0 through 11.0.2 (builds 6.0.14.738 through 6.0.14.802)
RealPlayer 10.5 (builds 6.0.12.1040 through 6.0.12.1663, 6.0.12.1698, and 6.0.12.1741)
RealPlayer 10
RealPlayer Enterprise
Other versions may also be affected.
Exploit / POC
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Fixes are available. Please contact the vendor for details on how to obtain the latest release.
References
References:
- [Full-disclosure] Real Networks RealPlayer ActiveX Heap Use After Free (Elazar Broad (elazarhushmail.com))
- July 25, 2008 - RealNetworks, Inc. Releases Update to Address Security Vulnerabi (Real Networks)
- Microsoft Knowledge Base Article 240797 (Microsoft)
- RealPlayer Homepage (Real Networks)