1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP RealPlayer Ierpplug DLL AX DoS

HTTP RealPlayer Ierpplug DLL AX DoS

Severity: Medium

This attack could pose a moderate security threat. It does not require immediate action.

Description

This signature detects attempt to cause a DoS vulnerability by passing long arguments into a vulnerable methods of RealMedia RealPlayer Ierpplug.DLL ActiveX Control.

Additional Information

The RealPlayer ActiveX control is prone to multiple buffer-overflow vulnerabilities because the software fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer.

A remote attacker may exploit these vulnerabilities by presenting a malicious file to a victim and enticing them to open it with the vulnerable application.

Successful attacks can cause denial-of-service conditions in Internet Explorer or other applications that use the vulnerable ActiveX control. Arbitrary code execution may also be possible, but this has not been confirmed.

Affected

  • These issues affect RealPlayer 10.5; other versions may also be affected.

Response

Download and install all vendor patches related to this vulnerability

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube