Added: 10/25/2007
CVE: CVE-2007-5601
BID: 26130
OSVDB: 41430
RealPlayer and RealOne Player include a number of ActiveX controls allowing functions to be called by scripts embedded in web pages.
The RealPlayer Database Component (**MPAMedia.dll**
) is affected by a buffer overflow vulnerability when handling playlist names. This vulnerability can be exploited through the **ierpplug.dll**
ActiveX control, allowing command execution when the user loads an attacker’s web page.
Apply the patch provided by RealNetworks.
<http://www.kb.cert.org/vuls/id/871673>
Exploit works on RealNetworks RealPlayer 10-5 Gold 10.5-6.0.12.1662 and requires a user to load the exploit page in Internet Explorer.
Windows XP