MSIE RealPlayer rmoc ActiveX BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a memory corruption vulnerability in RealPlayer which could result in remote code execution.

Additional Information

RealNetworks RealPlayer is an application that allows users to play various media formats.

RealPlayer 'rmoc3260.dll' ActiveX control is prone to a memory-corruption vulnerability. This ActiveX control is associated with the following CLSIDs:

3B5E0503-DE28-4BE8-919C-76E0E894A3C2
2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93
A1A41E11-91DB-4461-95CD-0C02327FD934
CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA
0FDF6D6B-D672-463B-846E-C6FF49109662
3B46067C-FD87-49B6-8DDD-12F0D687035F
224E833B-2CC6-42D9-AE39-90B6A38A4FA2
44CCBCEB-BA7E-4C99-A078-9F683832D493

This issue affects the 'Console()' method; other methods may also be vulnerable.

An attacker can exploit this issue by enticing an unsuspecting user to view a malicious HTML page.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the affected ActiveX control. Failed exploit attempts will likely crash the application.

Affected:

RealPlayer 11 is vulnerable; other versions may also be affected.

Response

The vendor addressed this issue in RealPlayer 11.0.2. Please contact the vendor for details.

Possible False Positives

There are no known false positives associated with this signature.

Additional References

• CVE-2008-1309
  
  
• SecurityFocus BID: 28157