
Web Attack: RealPlayer IERPCtl ActiveX CVE-2007-5601

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a buffer-overflow vulnerability by passing specially crafted arguments to a method exported by RealPlayer's plugin.

Additional Information

Real Networks RealPlayer is an application that allows users to play various media formats.

RealPlayer is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks of user-supplied input before copying it to an insufficiently sized memory buffer.

Currently there is very little information available regarding this issue. The issue is being investigated and this BID will be updated as details emerge.

Attackers can exploit this issue to execute arbitrary code in the context of the application using the affected control (typically Internet Explorer). Successful attacks can compromise the application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

Affected

  • Real Networks RealPlayer 10.0

Response

Download and install all vendor patches related to this vulnerability.