Executive Summary
Summary | |
---|---|
Title | RealNetworks RealPlayer ActiveX controls property heap memory corruption |
Informations | |||
---|---|---|---|
Name | VU#831457 | First vendor Publication | 2008-03-11 |
Vendor | VU-CERT | Last vendor Modification | 2008-04-15 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#831457RealNetworks RealPlayer ActiveX controls property heap memory corruptionOverviewMultiple RealPlayer ActiveX controls fail to properly handle properties, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.I. DescriptionRealNetworks RealPlayer provides multiple ActiveX controls to allow integration with Internet Explorer. The ActiveX controls provided by the file rmoc3260.dll fail to properly handle multiple properties, including Console. Setting these properties can result in heap memory corruption.II. ImpactBy convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user.III. SolutionApply an updateThis issue appears to be partially addressed in RealPlayer 11.0.2. This update provides version 6.0.10.50 of rmoc3260.dll. Please also consider the following workarounds:
{224E833B-2CC6-42D9-AE39-90B6A38A4FA2} {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} {3B46067C-FD87-49B6-8DDD-12F0D687035F} {3B5E0503-DE28-4BE8-919C-76E0E894A3C2} {44CCBCEB-BA7E-4C99-A078-9F683832D493} {A1A41E11-91DB-4461-95CD-0C02327FD934} {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{0FDF6D6B-D672-463B-846E-C6FF49109662}] "Compatibility Flags"=dword:00000400 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{224E833B-2CC6-42D9-AE39-90B6A38A4FA2}] "Compatibility Flags"=dword:00000400 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93}] "Compatibility Flags"=dword:00000400 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{3B46067C-FD87-49B6-8DDD-12F0D687035F}] "Compatibility Flags"=dword:00000400 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{3B5E0503-DE28-4BE8-919C-76E0E894A3C2}] "Compatibility Flags"=dword:00000400 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{44CCBCEB-BA7E-4C99-A078-9F683832D493}] "Compatibility Flags"=dword:00000400 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{A1A41E11-91DB-4461-95CD-0C02327FD934}] "Compatibility Flags"=dword:00000400 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}] "Compatibility Flags"=dword:00000400 Disabling ActiveX controls in the Internet Zone (or any zone used by an attacker) appears to prevent exploitation of this and other ActiveX vulnerabilities. Instructions for disabling ActiveX in the Internet Zone can be found in the "Securing Your Web Browser" document. Systems Affected
References
This vulnerability was publicly disclosed by Elazar Broad. This document was written by Will Dormann.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/831457 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 4 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
42946 | RealPlayer ActiveX (rmoc3260.dll) Console Property Memory Corruption Arbitrar... A use-after-free condition exists in RealPlayer. By setting properties in rmoc3260.dll ActiveX control in a certain way, it is possible to overwrite heap management structures, resulting in redirection of execution flow when these corrupted heap blocks are freed. This issue can be exploited by a context-dependent attacker to execute arbitrary code in the context of the user running the host application, typically Internet Explorer. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | RealPlayer Stream Handler ActiveX clsid unicode access RuleID : 8410 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | RealNetworks RealPlayer Stream Handler ActiveX clsid access RuleID : 8409 - Revision : 14 - Type : BROWSER-PLUGINS |
2014-01-10 | RealPlayer RMP Download Handler ActiveX clsid unicode access RuleID : 8390 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | RealNetworks RealPlayer RMP Download Handler ActiveX clsid access RuleID : 8389 - Revision : 14 - Type : BROWSER-PLUGINS |
2014-01-10 | RealPlayer RNX Download Handler ActiveX clsid unicode access RuleID : 8388 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | RealNetworks RealPlayer RNX Download Handler ActiveX clsid access RuleID : 8387 - Revision : 14 - Type : BROWSER-PLUGINS |
2014-01-10 | RealPlayer Playback Handler ActiveX clsid unicode access RuleID : 8386 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | RealNetworks RealPlayer Playback Handler ActiveX clsid access RuleID : 8385 - Revision : 14 - Type : BROWSER-PLUGINS |
2014-01-10 | RealPlayer RAM Download Handler ActiveX clsid unicode access RuleID : 8384 - Revision : 9 - Type : WEB-ACTIVEX |
2014-01-10 | RealNetworks RealPlayer RAM Download Handler ActiveX clsid access RuleID : 8383 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | RealPlayer SMIL Download Handler ActiveX clsid unicode access RuleID : 8382 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | RealNetworks RealPlayer SMIL Download Handler ActiveX clsid access RuleID : 8381 - Revision : 14 - Type : BROWSER-PLUGINS |
2014-01-10 | RealPlayer Download Handler ActiveX clsid unicode access RuleID : 8378 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | RealNetworks RealPlayer Download Handler ActiveX clsid access RuleID : 8377 - Revision : 14 - Type : BROWSER-PLUGINS |
2018-05-24 | RealPlayer rmoc3260.dll ActiveX clsid access attempt RuleID : 46405 - Revision : 2 - Type : BROWSER-PLUGINS |
2018-05-24 | RealPlayer rmoc3260.dll ActiveX clsid access attempt RuleID : 46404 - Revision : 2 - Type : BROWSER-PLUGINS |
2014-01-10 | RealNetworks RealPlayer RAM Download Handler ActiveX control access attempt RuleID : 16607 - Revision : 11 - Type : BROWSER-PLUGINS |
2014-01-10 | RealPlayer Stream Handler ActiveX function call unicode access RuleID : 14053 - Revision : 5 - Type : WEB-ACTIVEX |
2014-01-10 | RealNetworks RealPlayer Stream Handler ActiveX function call access RuleID : 14052 - Revision : 10 - Type : BROWSER-PLUGINS |
2014-01-10 | RealPlayer SMIL Download Handler ActiveX function call unicode access RuleID : 14051 - Revision : 5 - Type : WEB-ACTIVEX |
2014-01-10 | RealNetworks RealPlayer SMIL Download Handler ActiveX function call access RuleID : 14050 - Revision : 10 - Type : BROWSER-PLUGINS |
2014-01-10 | RealPlayer RNX Download Handler ActiveX function call unicode access RuleID : 14049 - Revision : 5 - Type : WEB-ACTIVEX |
2014-01-10 | RealNetworks RealPlayer RNX Download Handler ActiveX function call access RuleID : 14048 - Revision : 10 - Type : BROWSER-PLUGINS |
2014-01-10 | RealPlayer RMP Download Handler ActiveX function call unicode access RuleID : 14047 - Revision : 5 - Type : WEB-ACTIVEX |
2014-01-10 | RealNetworks RealPlayer RMP Download Handler ActiveX function call access RuleID : 14046 - Revision : 10 - Type : BROWSER-PLUGINS |
2014-01-10 | RealPlayer Playback Handler ActiveX function call unicode access RuleID : 14045 - Revision : 5 - Type : WEB-ACTIVEX |
2014-01-10 | RealNetworks RealPlayer Playback Handler ActiveX function call access RuleID : 14044 - Revision : 10 - Type : BROWSER-PLUGINS |
2014-01-10 | RealPlayer General Property Page ActiveX clsid unicode access RuleID : 14043 - Revision : 5 - Type : WEB-ACTIVEX |
2014-01-10 | RealNetworks RealPlayer General Property Page ActiveX clsid access RuleID : 14042 - Revision : 11 - Type : BROWSER-PLUGINS |
2014-01-10 | RealPlayer RMOC3260.DLL Vulnerble Property ActiveX function call unicode access RuleID : 13610 - Revision : 5 - Type : WEB-ACTIVEX |
2014-01-10 | RealNetworks RealPlayer RMOC3260.DLL Vulnerble Property ActiveX function call... RuleID : 13609 - Revision : 10 - Type : BROWSER-PLUGINS |
2014-01-10 | RealPlayer RMOC3260.DLL Vulnerble Property ActiveX clsid unicode access RuleID : 13608 - Revision : 5 - Type : WEB-ACTIVEX |
2014-01-10 | RealNetworks RealPlayer RMOC3260.DLL Vulnerble Property ActiveX clsid access RuleID : 13607 - Revision : 11 - Type : BROWSER-PLUGINS |
2014-01-10 | RealPlayer RAM Download Handler ActiveX function call unicode access RuleID : 13606 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | RealNetworks RealPlayer RAM Download Handler ActiveX function call access RuleID : 13605 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | RealPlayer Download Handler ActiveX function call unicode access RuleID : 13604 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | RealNetworks RealPlayer Download Handler ActiveX function call access RuleID : 13603 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | RealPlayer RMOC3260.DLL ActiveX function call unicode access RuleID : 12769 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | RealNetworks RealPlayer RMOC3260.DLL ActiveX function call access RuleID : 12768 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | RealNetworks RealPlayer RMOC3260.DLL ActiveX function call access RuleID : 12767 - Revision : 17 - Type : BROWSER-PLUGINS |
2014-01-10 | RealNetworks RealPlayer RMOC3260.DLL ActiveX clsid access RuleID : 12766 - Revision : 18 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-07-28 | Name : The remote Windows application is affected by at least one security vulnerabi... File : realplayer_6_0_14_806.nasl - Type : ACT_GATHER_INFO |
2008-03-12 | Name : The remote Windows host has an ActiveX control that is affected by heap memor... File : realplayer_rmoc3260_activex.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:08:11 |
|
2014-01-19 21:31:05 |
|