9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.96 High
EPSS
Percentile
99.4%
Added: 08/01/2008
CVE: CVE-2008-3066
BID: 30379
OSVDB: 48286
RealPlayer and RealOne Player include a number of ActiveX controls allowing functions to be called by scripts embedded in web pages.
A buffer overflow vulnerability in an ActiveX control in **rjbdll.dll**
allows command execution when a user imports a specially crafted file into a media library and then deletes the file.
See the RealNetworks advisory for fix information.
<http://www.zerodayinitiative.com/advisories/ZDI-08-046/>
Exploit works on RealPlayer 10-5 Gold version 10.5-6.0.12.1741 and requires a user to open the exploit page in Internet Explorer.
Windows 2000
Windows XP