9.3

CVE-2008-1309

Exploit
The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RealnetworksRealplayer Editionenterprise
RealnetworksRealplayer Version10.0
RealnetworksRealplayer Version10.5
RealnetworksRealplayer Version11
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 45.95% 0.986
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.grok.org.uk/pipermail/full-disclosure/2008-March/060659.html
http://secunia.com/advisories/29315
Vendor Advisory
http://service.real.com/realplayer/security/07252008_player/en/
Vendor Advisory
http://www.kb.cert.org/vuls/id/831457
US Government Resource
http://www.securityfocus.com/archive/1/494779/100/0/threaded
http://www.securityfocus.com/bid/28157
Exploit
http://www.securitytracker.com/id?1019576
http://www.securitytracker.com/id?1020563
http://www.vupen.com/english/advisories/2008/0842
Vendor Advisory
http://www.vupen.com/english/advisories/2008/2194/references
Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-08-047/
https://exchange.xforce.ibmcloud.com/vulnerabilities/41087
https://www.exploit-db.com/exploits/5332