AOH :: HP Unsorted R :: BX3913.HTM

RealNetworks RealPlayer ActiveX Illegal Resource Reference Vulnerability



RealNetworks RealPlayer ActiveX Illegal Resource Reference Vulnerability
RealNetworks RealPlayer ActiveX Illegal Resource Reference Vulnerability



RealNetworks RealPlayer ActiveX Illegal Resource Reference Vulnerability

by cocoruder(frankruder_at_hotmail.com)
http://ruder.cdut.net 


Summary:

    An illegal resource reference vulnerability exists in the ActiveX
Control of RealNetworks RealPlayer. For exploiting the vulnerability,
the attacker may build a special web page and entrap the victim into
visiting it, if the local system has installed RealPlayer, the local
resources (or any other illegal resources) will be accessed. This
vulnerability may assist in exploitation of other vulnerabilities.



Affected Software Versions:

    RealPlayer 10.6 and previous versions
    (other versions may also be affected)



Details:
	
    Currently there is no details released.



Solution:

    The vendor has fixed this vulnerability, the vendor's advisory is
available on:

http://service.real.com/realplayer/security/07252008_player/en/ 



CVE Information:

    CVE-2008-3064



Disclosure Timeline:

    2006.12.19        Vendor notified
    2006.12.20        Vendor responded
    2008.07.23        Notified by the vendor that patch and advisory were coming
    2008.07.25        Vendor's advisory released
    2008.07.29        Advisory released



--EOF--

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.