RealPlayer ActiveX (rmoc3260.dll) Console Property Memory Corruption Arbitrary Code Execution

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that is affected by
heap memory corruption vulnerabilities.

Description :

The remote host contains the Real Player ActiveX control, included
with the RealPlayer media player, used to play content in a
browser.

The version of this control installed on the remote host reportedly
contains a buffer overflow that can be leveraged by calls to various
methods, such as 'Console', to modify heap blocks after they are freed
and overwrite certain registers. If an attacker can trick a user on
the affected host into visiting a specially crafted web page, he may
be able to use this method to execute arbitrary code on the affected
system subject to the user's privileges.

See also :

http://seclists.org/fulldisclosure/2008/Mar/156
http://service.real.com/realplayer/security/07252008_player/en/

Solution :

Upgrade to RealPlayer 11.0.3 (build 6.0.14.806) / RealPlayer 10.5
(build 6.0.12.1675) or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 31418 ()

Bugtraq ID: 28157

CVE ID: CVE-2008-1309

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now