RealPlayer for Windows < Build 6.0.14.806 / 6.0.12.1675 Multiple Vulnerabilities

High Nessus Plugin ID 33744

Synopsis

The remote Windows application is affected by at least one security vulnerability.

Description

According to its build number, the installed version of RealPlayer / on the remote Windows host suffers from possibly several issues :

- Heap memory corruption issues in several ActiveX controls can lead to arbitrary code execution.
(CVE-2008-1309)

- An unspecified local resource reference vulnerability.
(CVE-2008-3064)

- An SWF file heap-based buffer overflow. (CVE-2007-5400)

- A buffer overflow involving the 'import()' method in an ActiveX control implemented by the 'rjbdll.dll' module could result in arbitrary code execution.
(CVE-2008-3066)

Note that RealPlayer 11 (builds 6.0.14.738 - 6.0.14.802) are only affected by the first issue (CVE-2008-1309).

Solution

Upgrade to RealPlayer 11.0.3 (build 6.0.14.806) / RealPlayer 10.5 (build 6.0.12.1675) or later.

Note that the vendor's advisory states that build numbers for RealPlayer 10.5 are not sequential.

See Also

https://seclists.org/fulldisclosure/2008/Mar/156

https://secuniaresearch.flexerasoftware.com/secunia_research/2007-93/advisory/

https://www.zerodayinitiative.com/advisories/ZDI-08-046/

https://www.securityfocus.com/archive/1/494778/30/0/threaded

https://www.zerodayinitiative.com/advisories/ZDI-08-047/

https://www.securityfocus.com/archive/1/494779/30/0/threaded

https://seclists.org/fulldisclosure/2008/Jul/538

http://service.real.com/realplayer/security/07252008_player/en/

Plugin Details

Severity: High

ID: 33744

File Name: realplayer_6_0_14_806.nasl

Version: 1.21

Type: local

Agent: windows

Family: Windows

Published: 2008/07/28

Updated: 2018/11/15

Dependencies: 20183

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:realnetworks:realplayer

Required KB Items: SMB/RealPlayer/Product, SMB/RealPlayer/Build

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With

CANVAS (D2ExploitPack)

Core Impact

Metasploit (RealPlayer rmoc3260.dll ActiveX Control Heap Corruption)

Reference Information

CVE: CVE-2007-5400, CVE-2008-1309, CVE-2008-3064, CVE-2008-3066

BID: 28157, 30370, 30376, 30378, 30379

Secunia: 27620, 29315

CWE: 119, 264, 399