PT-2008-4493 · Realnetworks · Realplayer 10.5+3
Publicado
2008-07-28
·
Atualizado
2018-10-30
·
CVE-2008-3066
CVSS v2.0
9.3
Alta
| Vetor | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
RealPlayer versions prior to 6.0.12.1675
RealPlayer 10 versions prior to 6.0.12.1675
RealPlayer 10.5 versions prior to 6.0.12.1675
RealPlayer Enterprise versions prior to 6.0.12.1675
Description:
A stack-based buffer overflow issue exists in a certain ActiveX control in rjbdll.dll. This allows remote attackers to execute arbitrary code by importing a file into a media library and then deleting the file.
Recommendations:
For RealPlayer versions prior to 6.0.12.1675, update to version 6.0.12.1675 or later to resolve the issue.
For RealPlayer 10 versions prior to 6.0.12.1675, update to version 6.0.12.1675 or later to resolve the issue.
For RealPlayer 10.5 versions prior to 6.0.12.1675, update to version 6.0.12.1675 or later to resolve the issue.
For RealPlayer Enterprise versions prior to 6.0.12.1675, update to version 6.0.12.1675 or later to resolve the issue.
As a temporary workaround, consider disabling the ActiveX control in rjbdll.dll until a patch is available.
Correção
RCE
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Realplayer
Realplayer 10
Realplayer 10.5
Realplayer Enterprise