Added: 08/01/2008
CVE: CVE-2008-3066
BID: 30379
OSVDB: 48286
RealPlayer and RealOne Player include a number of ActiveX controls allowing functions to be called by scripts embedded in web pages.
A buffer overflow vulnerability in an ActiveX control in **rjbdll.dll**
allows command execution when a user imports a specially crafted file into a media library and then deletes the file.
See the RealNetworks advisory for fix information.
<http://www.zerodayinitiative.com/advisories/ZDI-08-046/>
Exploit works on RealPlayer 10-5 Gold version 10.5-6.0.12.1741 and requires a user to open the exploit page in Internet Explorer.
Windows 2000
Windows XP