RealPlayer ActiveX (rmoc3260.dll) Console Property Memory Corruption Arbitrary Code Execution

High Nessus Plugin ID 31418


The remote Windows host has an ActiveX control that is affected by heap memory corruption vulnerabilities.


The remote host contains the Real Player ActiveX control, included with the RealPlayer media player, used to play content in a browser.

The version of this control installed on the remote host reportedly contains a buffer overflow that can be leveraged by calls to various methods, such as 'Console', to modify heap blocks after they are freed and overwrite certain registers. If an attacker can trick a user on the affected host into visiting a specially crafted web page, he may be able to use this method to execute arbitrary code on the affected system subject to the user's privileges.


Upgrade to RealPlayer 11.0.3 (build / RealPlayer 10.5 (build or later.

See Also

Plugin Details

Severity: High

ID: 31418

File Name: realplayer_rmoc3260_activex.nasl

Version: $Revision: 1.25 $

Type: local

Agent: windows

Family: Windows

Published: 2008/03/12

Modified: 2016/12/09

Dependencies: 20183, 13855

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:realnetworks:realplayer

Required KB Items: SMB/RealPlayer/Product, SMB/RealPlayer/Build, SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With

CANVAS (D2ExploitPack)

Core Impact

Metasploit (RealPlayer rmoc3260.dll ActiveX Control Heap Corruption)

Reference Information

CVE: CVE-2008-1309

BID: 28157

OSVDB: 42946

CERT: 831457

Secunia: 29315

CWE: 399