Vigil@nce: RealPlayer, multiple vulnerabilities
July 2008 by Vigil@nce
SYNTHESIS
Several RealPlayer vulnerabilities can be used by an attacker to
execute code on victim’s computer.
Gravity: 3/4
Consequences: user access/rights, denial of service of client
Provenance: internet server
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 28/07/2008
Identifier: VIGILANCE-VUL-7972
IMPACTED PRODUCTS
– Microsoft Windows - plateform
– Unix - plateform
DESCRIPTION
Several vulnerabilities had been announced in RealPlayer.
An attacker can use the "Controls" or "Console" properties of the
"rmoc3260.dll" ActiveX to corrupt memory, in order to execute
code. [grav:3/4; CVE-2008-1309, ZDI-08-047]
An attacker can use the "Controls" or "WindowName" properties of
the "rmoc3260.dll" ActiveX to corrupt memory, in order to execute
code. [grav:3/4; CVE-2008-3064]
An attacker can create a malicious Shockwave Flash file to create
a buffer overflow leading to code execution. [grav:3/4;
CVE-2007-5400]
An attacker can import a file on the victim’s computer via the
FDC7A535-4070-4B92-A0EA-D9994BCC0DC5 ActiveX, then delete it with rjbdll.dll in order to create a buffer overflow leading to
code execution. [grav:3/4; CVE-2008-3066, ZDI-08-046]
CHARACTERISTICS
Identifiers: 07252008_player, CVE-2007-5400, CVE-2008-1309,
CVE-2008-3064, CVE-2008-3066, VIGILANCE-VUL-7972, ZDI-08-046, ZDI-08-047