Showing 1 - 1 of 1

Files

RealNetworks RealPlayer Code Execution: Posted Jan 13, 2011; Authored by Sean de Regge; Proof of concept code that demonstrates the parameter injection bug in Realplayers RecordClip() active-x function and firefox plug-in.; tags | exploit, activex, proof of concept; SHA-256 | 7b18c3b5a9970d8c01c331496f0c8e4acc8c9971ea87892773cf44ea08e54bb7; Download | Favorite | View

Related Files

Zero Day Initiative Advisory 10-211: Posted Oct 16, 2010; Authored by Tipping Point | Site zerodayinitiative.com; Zero Day Initiative Advisory 10-211 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the browser plugins provided by RealNetworks. The RecordClip method can be access via the ActiveX control or the Firefox plugin. By injecting a specific character into the arguments to this method, invalid parameters can be passed to a child process that is launched on the local system. This parameter injection allows an attacker to download and subsequently execute a file on a target system, thus allowing for remote code execution.; tags | advisory, remote, arbitrary, local, code execution, activex; advisories | CVE-2010-3749; SHA-256 | 280b0bab89aa5f37e481f361348edb2e1fa6446339b4cc62f1d7ae34fd2863c4; Download | Favorite | View

Page 1 of 1 Back 1 Next