SAINT CorporationSAINT:22E22B2E6DD55CBB956AB78AC2214575RealPlayer rjbdll.dll ActiveX Control file import buffer overflow
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.96 High
EPSS
Percentile
99.4%
Added: 08/01/2008
CVE: CVE-2008-3066
BID: 30379
OSVDB: 48286
Background
RealPlayer and RealOne Player include a number of ActiveX controls allowing functions to be called by scripts embedded in web pages.
Problem
A buffer overflow vulnerability in an ActiveX control in **rjbdll.dll** allows command execution when a user imports a specially crafted file into a media library and then deletes the file.
Resolution
See the RealNetworks advisory for fix information.
References
<http://www.zerodayinitiative.com/advisories/ZDI-08-046/>
Limitations
Exploit works on RealPlayer 10-5 Gold version 10.5-6.0.12.1741 and requires a user to open the exploit page in Internet Explorer.
Platforms
Windows 2000
Windows XP
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.96 High
EPSS
Percentile
99.4%