CVE-2008-1309

Related Files

Zero Day Initiative Advisory 08-047

Posted Jul 26, 2008

Authored by Peter Vreugdenhil, Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must visit a malicious web site. The specific flaw exists in the rmoc3260 ActiveX control. Specifying malicious values for the 'Controls' or 'Console' properties with a specific timing results in a memory corruption which can lead to code execution under the context of the current user.

tags | advisory, remote, web, code execution, activex

advisories | CVE-2008-1309

SHA-256 | e5a1b62ac9be31af6068765c6d46144550da0621b7283dcfd5d9530cfd5aafe5

Download | Favorite | View

realplayer_console.rb.txt

Posted Apr 2, 2008

Authored by Elazar Broad

This Metasploit module exploits a heap corruption vulnerability in the RealPlayer ActiveX control. By sending a specially crafted string to the 'Console' property in the rmoc3260.dll control, an attacker may be able to execute arbitrary code.

tags | exploit, arbitrary, activex

advisories | CVE-2008-1309

SHA-256 | fe18e54c7136e0f4ddd02005a5baa3b152573f829ae72ec39f0b69c9755ba6b6

Download | Favorite | View

realplayer-activexexec.txt

Posted Apr 2, 2008

Authored by Elazar Broad

Exploit for the heap corruption vulnerability in the RealPlayer ActiveX control. By sending a specially crafted string to the 'Console' property in the rmoc3260.dll control, an attacker may be able to execute arbitrary code.

tags | exploit, arbitrary, activex

advisories | CVE-2008-1309

SHA-256 | 9c9470fc73ec08b731d851e037405e4cdd3056a7576b171fc5620b4f9224c9bb

Download | Favorite | View