Secunia Advisory: SA29315
Release Date: 2008-03-11
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: RealPlayer 11.x
Description:
Elazar Broad has discovered a vulnerability in RealPlayer, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error within the RealPlayer ActiveX Control (rmoc3260.dll) when handling the "Console" property. This can be exploited to cause a memory corruption and execute arbitrary code when a user e.g. is tricked into visiting a malicious website.
The vulnerability is confirmed in RealPlayer version 11.0.1 (build 6.0.14.794) including rmoc3260.dll version 6.0.10.45. Other versions may also be affected.
Solution:
Set the kill-bit for the affected ActiveX control.
Bolletino Sicurezza
Release Date: 2008-03-11
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: RealPlayer 11.x
Description:
Elazar Broad has discovered a vulnerability in RealPlayer, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error within the RealPlayer ActiveX Control (rmoc3260.dll) when handling the "Console" property. This can be exploited to cause a memory corruption and execute arbitrary code when a user e.g. is tricked into visiting a malicious website.
The vulnerability is confirmed in RealPlayer version 11.0.1 (build 6.0.14.794) including rmoc3260.dll version 6.0.10.45. Other versions may also be affected.
Solution:
Set the kill-bit for the affected ActiveX control.
Bolletino Sicurezza