9.3

CVE-2008-1309

Exploit

EPSS 75.49%
Published 12.03.2008 17:44:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory.

Affected products Warnungen 0 Metrics 2 CWE 0 References 16

Data is provided by the National Vulnerability Database (NVD)

Realnetworks ≫ Realplayer Editionenterprise

Realnetworks ≫ Realplayer Version10.0

Realnetworks ≫ Realplayer Version10.5

Realnetworks ≫ Realplayer Version11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	75.49%	0.988

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

http://lists.grok.org.uk/pipermail/full-disclosure/2008-March/060659.html

http://secunia.com/advisories/29315

Vendor Advisory

http://service.real.com/realplayer/security/07252008_player/en/

Vendor Advisory

http://www.kb.cert.org/vuls/id/831457

US Government Resource

http://www.securityfocus.com/archive/1/494779/100/0/threaded

http://www.securityfocus.com/bid/28157

Exploit

http://www.securitytracker.com/id?1019576

http://www.securitytracker.com/id?1020563

http://www.vupen.com/english/advisories/2008/0842

Vendor Advisory

http://www.vupen.com/english/advisories/2008/2194/references

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-08-047/

https://exchange.xforce.ibmcloud.com/vulnerabilities/41087

https://www.exploit-db.com/exploits/5332

https://nvd.nist.gov/vuln/detail/CVE-2008-1309

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-1309

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-1309

EUVD