RealPlayer ActiveX (rmoc3260.dll) Console Property Memory Corruption Arbitrary Code Execution

Severity: High, Nessus Plugin ID 31418

Synopsis

The remote Windows host has an ActiveX control that is affected by heap memory corruption vulnerabilities.

Description

The remote host contains the RealPlayer ActiveX control, which is included with the RealPlayer media player and is used to play content in a browser.

The version of this control installed on the remote host reportedly contains a buffer overflow that can be leveraged by calls to various methods, such as 'Console', to modify heap blocks after they are freed and overwrite certain registers. If an attacker can trick a user on the affected host into visiting a specially crafted web page, the attacker may be able to use this method to execute arbitrary code on the affected system, subject to the user's privileges.

Solution

Upgrade to RealPlayer 11.0.3 (build 6.0.14.806) / RealPlayer 10.5 (build 6.0.12.1675) or later.

See Also

http://service.real.com/realplayer/security/07252008_player/en/

https://seclists.org/fulldisclosure/2008/Mar/156

Plugin Details

Severity: High

ID: 31418

File Name: realplayer_rmoc3260_activex.nasl

Version: 1.28

Type: local

Agent: windows

Family: Windows

Published: 3/12/2008

Updated: 4/7/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:realnetworks:realplayer

Required KB Items: SMB/Registry/Enumerated, SMB/RealPlayer/Product, SMB/RealPlayer/Build

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With

CANVAS (D2ExploitPack)

Core Impact

Metasploit (RealPlayer rmoc3260.dll ActiveX Control Heap Corruption)

Reference Information

CVE: CVE-2008-1309

BID: 28157

CWE: 399

CERT: 831457

Secunia: 29315