Executive Summary

Summary
Title : RealPlayer file deletion overflow vulnerability
Information
Name : VU#461187
First vendor Publication : 2008-07-28
Vendor : VU-CERT
Last vendor Modification : 2008-07-28
Severity (Vendor) : N/A
Revision : M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact Sub Score : NA
Temporal Score : NA
Exploitability Sub Score : NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score : 9.3
Cvss Impact Score : 10
Cvss Exploit Score : 8.6
Attack Range : Network
Attack Complexity : Medium
Authentication : None Required

Detail

Vulnerability Note VU#461187

RealPlayer file deletion overflow vulnerability

Overview

RealPlayer contains a buffer overflow vulnerability that may allow an attacker to execute code on a vulnerable system.

I. Description

RealPlayer is a media player distributed by RealNetworks. It supports streaming and local media.

Per the Zero Day Initiative advisory ZDI-08-046:

    The specific flaw exists in RealPlayer's rjbdll.dll module when handling the deletion of media library files. An attacker could exploit this vulnerability using an ActiveX control {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} to import a vulnerable file into the user's media library. Upon deletion of this file, an exploitable stack based buffer overflow can be triggered.

II. Impact

By convincing a user to visit a website, a remote attacker may be able to execute arbitrary code.

III. Solution

Upgrade

RealPlayer updates for multiple operating systems are available on the RealNetworks support site. Users are encouraged to apply updates as soon as possible.

Disable ActiveX control

Setting the kill bit for the {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} CLSID may prevent this vulnerability from being exploited by a remote attacker. See US-CERT Vulnerability Note VU#871673 for more information on how to disable this control.

Systems Affected

Vendor               Status       Date Updated
RealNetworks, Inc.   Vulnerable   28-Jul-2008

References


http://www.zerodayinitiative.com/advisories/ZDI-08-046/
http://service.real.com/realplayer/security/07252008_player/en/
http://www.kb.cert.org/vuls/id/871673

Credit

Thanks to ZDI for information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

Date Public : 07/25/2008
Date First Published : 07/28/2008 03:50:09 PM
Date Last Updated : 07/28/2008
CERT Advisory 
CVE-ID(s) 
NVD-ID(s) 
US-CERT Technical Alerts 
Metric : 25.31
Document Revision : 3

Original Source

Url : http://www.kb.cert.org/vuls/id/461187

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type Description Count
Application 2

SAINT Exploits

Description
RealPlayer rjbdll.dll ActiveX Control file import buffer overflow

Open Source Vulnerability Database (OSVDB)

Id Description
48286 RealPlayer rjbdll.dll ActiveX Media Library File Deletion Overflow

Snort® IPS/IDS

Date Description
2016-03-14 RealNetworks RealPlayer Import ActiveX clsid access attempt
RuleID : 36496 - Revision : 2 - Type : BROWSER-PLUGINS
2016-03-14 RealNetworks RealPlayer Import ActiveX clsid access attempt
RuleID : 36495 - Revision : 2 - Type : BROWSER-PLUGINS
2014-01-10 RealNetworks RealPlayer Import ActiveX clsid access attempt
RuleID : 17425 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 RealNetworks RealPlayer Import ActiveX clsid access attempt
RuleID : 16609 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 RealPlayer Ierpplug.dll ActiveX function call unicode access
RuleID : 12663 - Revision : 7 - Type : WEB-ACTIVEX
2014-01-10 RealNetworks RealPlayer Ierpplug.dll ActiveX function call access
RuleID : 10194 - Revision : 22 - Type : BROWSER-PLUGINS
2014-01-10 RealNetworks RealPlayer Ierpplug.dll ActiveX function call access
RuleID : 10193 - Revision : 21 - Type : BROWSER-PLUGINS
2014-01-10 RealNetworks RealPlayer Ierpplug.dll ActiveX clsid access
RuleID : 10192 - Revision : 25 - Type : BROWSER-PLUGINS

Nessus® Vulnerability Scanner

Date Description
2008-07-28 Name : The remote Windows application is affected by at least one security vulnerabi...
File : realplayer_6_0_14_806.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2013-05-11 00:57:06
  • Multiple Updates