CVE-2008-3066
RealNetworks RealPlayer Library File Deletion Stack Overflow Vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
Stack-based buffer overflow in a certain ActiveX control in rjbdll.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 allows remote attackers to execute arbitrary code by importing a file into a media library and then deleting this file.
Stack-based buffer overflow in certain ActiveX controls in rjbdll.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 allows remote attackers to execute code of their choice by importing a file into a media library and subsequently deleting that file.
This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists in RealPlayer's rjbdll.dll module when handling the deletion of media library files. An attacker could exploit this vulnerability using an ActiveX control {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} to import a vulnerable file into the user's media library. Upon deletion of this file, an exploitable stack-based buffer overflow can be triggered.
Timeline
- 2008-07-07 CVE Reserved
- 2008-07-25 CVE Published
- 2024-05-24 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
References (9)
URL | Tag |
---|---|
http://securitytracker.com/id?1020565 | Vdb Entry |
http://service.real.com/realplayer/security/07252008_player/en | X_refsource_confirm |
http://www.kb.cert.org/vuls/id/461187 | Third Party Advisory |
http://www.securityfocus.com/archive/1/494778/100/0/threaded | Mailing List |
http://www.securityfocus.com/bid/30376 | Vdb Entry |
http://www.securityfocus.com/bid/30379 | Vdb Entry |
http://www.vupen.com/english/advisories/2008/2194/references | Vdb Entry |
http://www.zerodayinitiative.com/advisories/ZDI-08-046 | X_refsource_misc |
https://exchange.xforce.ibmcloud.com/vulnerabilities/44013 | Vdb Entry |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Realnetworks | Realplayer | 10.0 | - | Affected |
Realnetworks | Realplayer | 10.5 | - | Affected |