Lucene search
SAINT CorporationSAINT:4EF936875EF721D3C0273274A495171FHistoryAug 01, 2008 - 12:00 a.m.
RealPlayer rjbdll.dll ActiveX Control file import buffer overflow
2008-08-0100:00:00
SAINT Corporation
download.saintcorporation.com
7
0.96 High
EPSS
Percentile
99.5%
Added: 08/01/2008
CVE: CVE-2008-3066
BID: 30379
OSVDB: 48286
Background
RealPlayer and RealOne Player include a number of ActiveX controls allowing functions to be called by scripts embedded in web pages.
Problem
A buffer overflow vulnerability in an ActiveX control in **rjbdll.dll** allows command execution when a user imports a specially crafted file into a media library and then deletes the file.
Resolution
See the RealNetworks advisory for fix information.
References
<http://www.zerodayinitiative.com/advisories/ZDI-08-046/>
Limitations
Exploit works on RealPlayer 10-5 Gold version 10.5-6.0.12.1741 and requires a user to open the exploit page in Internet Explorer.
Platforms
Windows 2000
Windows XP
Related
zdi
zdi
RealNetworks RealPlayer Library File Deletion Stack Overflow Vulnerability
2008-07-25 00:00:00
saint
saint
RealPlayer rjbdll.dll ActiveX Control file import buffer overflow
2008-08-01 00:00:00
RealPlayer rjbdll.dll ActiveX Control file import buffer overflow
2008-08-01 00:00:00
RealPlayer rjbdll.dll ActiveX Control file import buffer overflow
2008-08-01 00:00:00
checkpoint_advisories
checkpoint_advisories
cve
cve
CVE-2008-3066
2008-07-28 17:41:00
seebug
seebug
RealPlayer rjbdll.dll ActiveX控件Import方式栈溢出漏洞
2008-07-28 00:00:00
prion
prion
Stack overflow
2008-07-28 17:41:00
redhatcve
redhatcve
CVE-2008-3066
2015-10-30 09:54:18
cvelist
cvelist
CVE-2008-3066
2008-07-28 17:00:00
nessus
nessus