ID CVE-2008-1309
Summary The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory.
References
Vulnerable Configurations
  • cpe:2.3:a:realnetworks:realplayer:-:enterprise
    cpe:2.3:a:realnetworks:realplayer:-:enterprise
  • RealNetworks RealPlayer 10.0
    cpe:2.3:a:realnetworks:realplayer:10.0
  • RealNetworks RealPlayer 10.5
    cpe:2.3:a:realnetworks:realplayer:10.5
  • cpe:2.3:a:realnetworks:realplayer:11
    cpe:2.3:a:realnetworks:realplayer:11
CVSS
Base: 9.3 (as of 13-03-2008 - 10:40)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  Vector NETWORK
  Complexity MEDIUM
  Authentication NONE
Impact
  Confidentiality COMPLETE
  Integrity COMPLETE
  Availability COMPLETE
exploit-db via4
  • description Real Player rmoc3260.dll ActiveX Control Remote Code Execution Exploit. CVE-2008-1309. Remote exploit for windows platform
    file exploits/windows/remote/5332.html
    id EDB-ID:5332
    last seen 2016-01-31
    modified 2008-04-01
    platform windows
    port
    published 2008-04-01
    reporter Elazar
    source https://www.exploit-db.com/download/5332/
    title Real Player rmoc3260.dll ActiveX Control Remote Code Execution Exploit
    type remote
  • description RealPlayer rmoc3260.dll ActiveX Control Heap Corruption. CVE-2008-1309. Remote exploit for windows platform
    id EDB-ID:16584
    last seen 2016-02-02
    modified 2010-06-15
    published 2010-06-15
    reporter metasploit
    source https://www.exploit-db.com/download/16584/
    title RealPlayer rmoc3260.dll ActiveX Control Heap Corruption
metasploit via4
description This module exploits a heap corruption vulnerability in the RealPlayer ActiveX control. By sending a specially crafted string to the 'Console' property in the rmoc3260.dll control, an attacker may be able to execute arbitrary code.
id MSF:EXPLOIT/WINDOWS/BROWSER/REALPLAYER_CONSOLE
last seen 2019-02-24
modified 2017-10-05
published 2008-04-01
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/realplayer_console.rb
title RealPlayer rmoc3260.dll ActiveX Control Heap Corruption
nessus via4
  • NASL family Windows
    NASL id REALPLAYER_RMOC3260_ACTIVEX.NASL
    description The remote host contains the Real Player ActiveX control, included with the RealPlayer media player, used to play content in a browser. The version of this control installed on the remote host reportedly contains a buffer overflow that can be leveraged by calls to various methods, such as 'Console', to modify heap blocks after they are freed and overwrite certain registers. If an attacker can trick a user on the affected host into visiting a specially crafted web page, he may be able to use this method to execute arbitrary code on the affected system subject to the user's privileges.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 31418
    published 2008-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31418
    title RealPlayer ActiveX (rmoc3260.dll) Console Property Memory Corruption Arbitrary Code Execution
  • NASL family Windows
    NASL id REALPLAYER_6_0_14_806.NASL
    description According to its build number, the installed version of RealPlayer / on the remote Windows host suffers from possibly several issues:
      - Heap memory corruption issues in several ActiveX controls can lead to arbitrary code execution. (CVE-2008-1309)
      - An unspecified local resource reference vulnerability. (CVE-2008-3064)
      - An SWF file heap-based buffer overflow. (CVE-2007-5400)
      - A buffer overflow involving the 'import()' method in an ActiveX control implemented by the 'rjbdll.dll' module could result in arbitrary code execution. (CVE-2008-3066)
      Note that RealPlayer 11 (builds 6.0.14.738 - 6.0.14.802) are only affected by the first issue (CVE-2008-1309).
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 33744
    published 2008-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33744
    title RealPlayer for Windows < Build 6.0.14.806 / 6.0.12.1675 Multiple Vulnerabilities
packetstorm via4
refmap via4
bid 28157
bugtraq 20080725 ZDI-08-047: RealNetworks RealPlayer rmoc3260 ActiveX Control Memory Corruption Vulnerability
cert-vn VU#831457
confirm http://service.real.com/realplayer/security/07252008_player/en/
exploit-db 5332
fulldisc 20080310 Real Networks RealPlayer ActiveX Control Heap Corruption
misc http://www.zerodayinitiative.com/advisories/ZDI-08-047/
sectrack
  • 1019576
  • 1020563
secunia 29315
vupen
  • ADV-2008-0842
  • ADV-2008-2194
xf realplayer-realaudioobjects-code-execution(41087)
statements via4
contributor Mark J Cox
lastmodified 2008-03-18
organization Red Hat
statement Not vulnerable. This issue did not affect versions of RealPlayer as shipped with Red Hat Enterprise Linux 3 Extras, 4 Extras, or 5 Supplementary.
Last major update 19-02-2017 - 00:21
Published 12-03-2008 - 13:44
Last modified 11-10-2018 - 16:31