Signature Detail

HTTP: RealNetworks RealPlayer Unsafe ActiveX Control

This signature detects attempts to exploit a known vulnerability in RealNetworks' RealPlayer ActiveX control (rmoc3260.dll). An attacker can create a malicious Web site containing Web pages with dangerous ActiveX calls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Extended Description

RealNetworks RealPlayer 'rmoc3260.dll' ActiveX control is prone to a memory-corruption vulnerability. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the affected ActiveX control. Failed exploit attempts will likely crash the application.

Affected Products

• Real Networks RealPlayer 10.0.0
• Real Networks RealPlayer 10.5.0
• Real Networks RealPlayer 10.5.0 Beta v6.0.12.1016
• Real Networks RealPlayer 10.5.0 V6.0.12.1040
• Real Networks RealPlayer 10.5.0 V6.0.12.1053
• Real Networks RealPlayer 10.5.0 V6.0.12.1056
• Real Networks RealPlayer 10.5.0 V6.0.12.1059
• Real Networks RealPlayer 10.5.0 V6.0.12.1069
• Real Networks RealPlayer 10.5.0 V6.0.12.1235
• Real Networks RealPlayer 10.5.0 V6.0.12.1348
• Real Networks RealPlayer 10.5.0 V6.0.12.1483
• Real Networks RealPlayer 11
• Real Networks RealPlayer 11.0.2
• Real Networks RealPlayer Enterprise
• Real Networks rmoc3260.dll 6.0.10.45

References

• BugTraq: 28157
• BugTraq: 44144
• BugTraq: 44450
• BugTraq: 26660
• BugTraq: 24658
• CVE: CVE-2008-1309
• CVE: CVE-2007-3410
• CVE: CVE-2007-6224
• CVE: CVE-2010-3747
• URL: http://www.zerodayinitiative.com/advisories/ZDI-10-210/
• URL: http://service.real.com/realplayer/security/10152010_player/en/
• URL: http://lists.grok.org.uk/pipermail/full-disclosure/2008-March/060659.html
• URL: http://www.realnetworks.com/