SAINT Corporation, SAINT:0A77D121F516CF08C654C087A0164FFD
Oct 22, 2010 - 12:00 a.m.

RealNetworks RealPlayer CDDA URI Uninitialized Pointer Code Execution

2010-10-22 00:00:00
SAINT Corporation
download.saintcorporation.com

CVSS2: 9.3 High
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.953 High
Percentile: 99.4%

Added: 10/22/2010
CVE: CVE-2010-3747
BID: 44144
OSVDB: 68673

Background

RealPlayer and RealOne Player include a number of ActiveX controls allowing functions to be called by scripts embedded in web pages.

Problem

CDDA (cdda://) is a protocol used to locate media files on Compact Disc Digital Audio. The **Source** property of the ActiveX control with **ProgID** **rmocx.RealPlayer G2 Control.1** in **rmoc3260.dll** is used to specify the location of a media file with a URI based on the **pnm:**, **file:**, or **http:** protocols, not **cdda:**. By setting the **Source** property to a CDDA URI, an attacker can cause code to be executed from an uninitialized pointer. A long enough CDDA URI can control the value of that pointer, allowing remote code execution in the security context of the currently logged-on user.
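A gateway-side content check for the two markers this advisory names, the control's ProgID and a cdda: URI, as an added example that is not part of the SAINT advisory. The `LONG_URI` cutoff, the verdict names and the sample pages are assumptions constructed for illustration; the advisory says only that a "long enough" URI is needed.

```python
import html
import re
from urllib.parse import unquote

# ProgID named in the advisory, matched case-insensitively.
PROGID_RE = re.compile(r"rmocx\.RealPlayer\s+G2\s+Control\.1", re.IGNORECASE)
# A cdda: URI, read up to the closing quote, angle bracket or whitespace.
CDDA_RE = re.compile(r"cdda:[^\s\"'<>]*", re.IGNORECASE)
# Assumption: tunable cutoff; the advisory gives no number for "long enough".
LONG_URI = 256


def inspect_page(content: str) -> dict:
    """Classify page content by the markers described in the advisory."""
    # Undo HTML-entity and percent encoding so "&#99;dda:" still matches.
    text = unquote(html.unescape(content))
    uris = CDDA_RE.findall(text)
    longest = max(map(len, uris), default=0)
    has_control = PROGID_RE.search(text) is not None
    if not uris:
        verdict = "clean"        # control used with pnm:/file:/http: or absent
    elif not has_control:
        verdict = "review"       # cdda: URI present, ProgID not seen
    elif longest < LONG_URI:
        verdict = "suspicious"   # unsupported scheme handed to the control
    else:
        verdict = "block"        # unsupported scheme plus oversized URI
    return {"verdict": verdict, "progid": has_control,
            "cdda_uris": len(uris), "longest_uri": longest}


def _page(source: str) -> str:
    """Constructed sample fragment that sets the control's Source property."""
    return ('<script>var p = new ActiveXObject("rmocx.RealPlayer G2 Control.1");'
            ' p.Source = "%s";</script>' % source)


# Constructed sample inputs (not captured traffic).
SAMPLES = {
    "http_source": _page("http://media.example/clip.rm"),
    "short_cdda": _page("cdda://1"),
    "long_cdda": _page("cdda://" + "A" * 400),
    "entity_encoded": _page("&#99;dda://" + "A" * 400),
    "embed_only": '<embed src="cdda://track1">',
}

if __name__ == "__main__":
    for name, page in SAMPLES.items():
        print(name, inspect_page(page))
```

Static matching misses a URI assembled at run time by script, and a page can reference the control by class ID instead of ProgID, which is why a cdda: URI on its own is still reported for review.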

Resolution

See the RealNetworks advisory for fix information.

References

<http://www.zerodayinitiative.com/advisories/ZDI-10-210/>

Limitations

The exploit works on RealNetworks RealPlayer 11.1.1 and requires the user to open the exploit page using Internet Explorer 6 or 7.

Platforms

Windows
