PT-2008-4493 · Realnetworks · Realplayer 10.5+3
Published
2008-07-28
·
Updated
2018-10-30
·
CVE-2008-3066
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
RealPlayer versions prior to 6.0.12.1675
RealPlayer 10 versions prior to 6.0.12.1675
RealPlayer 10.5 versions prior to 6.0.12.1675
RealPlayer Enterprise versions prior to 6.0.12.1675
Description:
A stack-based buffer overflow issue exists in a certain ActiveX control in rjbdll.dll. This allows remote attackers to execute arbitrary code by importing a file into a media library and then deleting the file.
Recommendations:
For RealPlayer versions prior to 6.0.12.1675, update to version 6.0.12.1675 or later to resolve the issue.
For RealPlayer 10 versions prior to 6.0.12.1675, update to version 6.0.12.1675 or later to resolve the issue.
For RealPlayer 10.5 versions prior to 6.0.12.1675, update to version 6.0.12.1675 or later to resolve the issue.
For RealPlayer Enterprise versions prior to 6.0.12.1675, update to version 6.0.12.1675 or later to resolve the issue.
As a temporary workaround, consider disabling the ActiveX control in rjbdll.dll until a patch is available.
Fix
RCE
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Realplayer
Realplayer 10
Realplayer 10.5
Realplayer Enterprise