RealPlayer for Windows < / Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 4608


The remote Windows application is affected by at least one security vulnerability.


According to its version number, the installed version of RealPlayer / RealPlayer Enterprise on the remote Windows host is potentially affected by several issues:

- Heap memory corruption issues in several ActiveX controls can lead to arbitrary code execution (CVE-2008-1309).
- An unspecified local resource reference vulnerability (CVE-2008-3064).
- An SWF file heap-based buffer overflow (CVE-2007-5400).
- A buffer overflow involving the 'import()' method in an ActiveX control implemented by the 'rjbdll.dll' module could result in arbitrary code execution (CVE-2008-3066).

Note that RealPlayer 11 (builds - are only affected by the first issue (CVE-2008-1309).
Note that the vendor's advisory states that version numbers for RealPlayer 10.5 are not sequential.


Upgrade to RealPlayer 11.0.3 (build / RealPlayer 10.5 (build or higher.

Plugin Details

Severity: Medium

ID: 4608

Family: Web Clients

Published: 8/4/2008

Updated: 3/6/2019

Nessus ID: 33744

Risk Information


Risk Factor: High

Score: 8.9


Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P


Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:realnetworks:realplayer

Exploitable With

CANVAS (D2ExploitPack)

Core Impact

Metasploit (RealPlayer rmoc3260.dll ActiveX Control Heap Corruption)

Reference Information

CVE: CVE-2007-5400, CVE-2008-1309, CVE-2008-3064, CVE-2008-3066

BID: 30370, 28157, 30376, 30378, 30379