CVE-2008-1309
7.7 High
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.961 High
EPSS
Percentile
99.5%
The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory.
References
lists.grok.org.uk/pipermail/full-disclosure/2008-March/060659.html
secunia.com/advisories/29315
service.real.com/realplayer/security/07252008_player/en/
www.kb.cert.org/vuls/id/831457
www.securityfocus.com/archive/1/494779/100/0/threaded
www.securityfocus.com/bid/28157
www.securitytracker.com/id?1019576
www.securitytracker.com/id?1020563
www.vupen.com/english/advisories/2008/0842
www.vupen.com/english/advisories/2008/2194/references
www.zerodayinitiative.com/advisories/ZDI-08-047/
exchange.xforce.ibmcloud.com/vulnerabilities/41087
www.exploit-db.com/exploits/5332
Related
7.7 High
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.961 High
EPSS
Percentile
99.5%