RealPlayer ActiveX (rmoc3260.dll) Console Property Memory Corruption Arbitrary Code Execution
Severity: High
Nessus Plugin ID: 31418
Synopsis
The remote Windows host has an ActiveX control that is affected by heap memory corruption vulnerabilities.
Description
The remote host contains the Real Player ActiveX control, included with the RealPlayer media player, used to play content in a browser.
The version of this control installed on the remote host reportedly contains a buffer overflow that can be leveraged by calls to various methods, such as 'Console', to modify heap blocks after they are freed and overwrite certain registers. If an attacker can trick a user on the affected host into visiting a specially crafted web page, the attacker may be able to use this flaw to execute arbitrary code on the affected system, subject to the user's privileges.
Solution
Upgrade to RealPlayer 11.0.3 (build 188.8.131.526) / RealPlayer 10.5 (build 184.108.40.2065) or later.