CVE-2008-1309

RealNetworks RealPlayer rmoc3260 ActiveX Control Memory Corruption Vulnerability

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory.

El control de ActiveX RealAudioObjects.RealAudio en rmoc3260.dll en RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 en versiones anteriores a build 6.0.12.1675 y RealPlayer 11 en versiones anteriores a 11.0.3 build 6.0.14.806 no gestiona adecuadamente la memoria para la propiedad (1) Console o (2) Controls, lo que permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída del navegador) a través de una serie de asignaciones de valores de cadena larga, lo que desencadena una sobrescritura de la memoria dinámica liberada.

This vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must visit a malicious web site.
The specific flaw exists in the rmoc3260 ActiveX control exposed through the following CLSIDs:
CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA 0FDF6D6B-D672-463B-846E-C6FF49109662 224E833B-2CC6-42D9-AE39-90B6A38A4FA2 2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93 3B46067C-FD87-49B6-8DDD-12F0D687035F 3B5E0503-DE28-4BE8-919C-76E0E894A3C2 44CCBCEB-BA7E-4C99-A078-9F683832D493 A1A41E11-91DB-4461-95CD-0C02327FD934 CFCDA953-8BE4-11CF-B84B-0020AFBBCCFA
Specifying malicious values for the 'Controls' or 'Console' properties with a specific timing results in a memory corruption which can lead to code execution under the context of the current user.

*Credits: Peter Vreugdenhil

CVSS Scores

NISTv2 9.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-03-12 CVE Reserved
2008-03-12 CVE Published
2010-06-15 First Exploit
2024-08-07 CVE Updated
2024-09-22 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-399: Resource Management Errors

CAPEC

References (14)

URL	Tag	Source
http://lists.grok.org.uk/pipermail/full-disclosure/2008-March/060659.html	Mailing List
http://www.kb.cert.org/vuls/id/831457	Third Party Advisory
http://www.securityfocus.com/archive/1/494779/100/0/threaded	Mailing List
http://www.securitytracker.com/id?1019576	Vdb Entry
http://www.securitytracker.com/id?1020563	Vdb Entry
http://www.zerodayinitiative.com/advisories/ZDI-08-047	X_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/41087	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/5332	2024-08-07
https://www.exploit-db.com/exploits/16584	2010-06-15
http://www.securityfocus.com/bid/28157	2024-08-07

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/29315	2018-10-11
http://service.real.com/realplayer/security/07252008_player/en	2018-10-11
http://www.vupen.com/english/advisories/2008/0842	2018-10-11
http://www.vupen.com/english/advisories/2008/2194/references	2018-10-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Realnetworks Search vendor "Realnetworks"		Realplayer Search vendor "Realnetworks" for product "Realplayer"				*		enterprise		Affected
Realnetworks Search vendor "Realnetworks"		Realplayer Search vendor "Realnetworks" for product "Realplayer"				10.0 Search vendor "Realnetworks" for product "Realplayer" and version "10.0"		-		Affected
Realnetworks Search vendor "Realnetworks"		Realplayer Search vendor "Realnetworks" for product "Realplayer"				10.5 Search vendor "Realnetworks" for product "Realplayer" and version "10.5"		-		Affected
Realnetworks Search vendor "Realnetworks"		Realplayer Search vendor "Realnetworks" for product "Realplayer"				11 Search vendor "Realnetworks" for product "Realplayer" and version "11"		-		Affected