PT-2008-2900 · Realnetworks · Realplayer Enterprise, Realplayer

E.B

Published: 2008-03-12
Updated: 2018-10-11
CVE-2008-1309
CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

RealPlayer versions prior to 10.5 build 6.0.12.1675
RealPlayer versions 11.0.1 build 6.0.14.794 and earlier
RealPlayer Enterprise (affected versions not specified)

Description

The issue arises from the RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll, which does not properly manage memory for the Console or Controls property. This allows remote attackers to execute arbitrary code or cause a denial of service, such as a browser crash, via a series of assignments of long string values. The attack triggers an overwrite of freed heap memory.

Recommendations

For RealPlayer versions prior to 10.5 build 6.0.12.1675, update to build 6.0.12.1675 or later.
For RealPlayer versions 11.0.1 build 6.0.14.794 and earlier, update to version 11.0.3 build 6.0.14.806 or later.
For RealPlayer Enterprise, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

DoS


Weakness Enumeration

Related Identifiers

CVE-2008-1309

Affected Products

Realplayer
Realplayer Enterprise