RealNetworks RealPlayer ActiveX Illegal Resource Reference Vulnerability

2008.07.31
Credit: cocoruder
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

RealNetworks RealPlayer ActiveX Illegal Resource Reference Vulnerability by cocoruder(frankruder_at_hotmail.com) http://ruder.cdut.net Summary: An illegal resource reference vulnerability exists in the ActiveX Control of RealNetworks RealPlayer. For exploiting the vulnerability, the attacker may build a special web page and entrap the victim into visiting it, if the local system has installed RealPlayer, the local resources (or any other illegal resources) will be accessed. This vulnerability may assist in exploitation of other vulnerabilities. Affected Software Versions: RealPlayer 10.6 and previous versions (other versions may also be affected) Details: Currently there is no details released. Solution: The vendor has fixed this vulnerability, the vendor's advisory is available on: http://service.real.com/realplayer/security/07252008_player/en/ CVE Information: CVE-2008-3064 Disclosure Timeline: 2006.12.19 Vendor notified 2006.12.20 Vendor responded 2008.07.23 Notified by the vendor that patch and advisory were coming 2008.07.25 Vendor's advisory released 2008.07.29 Advisory released --EOF--

References:

http://seclists.org/fulldisclosure/2008/Jul/0538.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top