CVE-2008-1309

Published: Mar 12, 2008Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory.

Affected (4)

Products: Realnetworks: Realplayer

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Realnetworks Realplayer	All versions
Realnetworks Realplayer	Version 10.0
Realnetworks Realplayer	Version 10.5
Realnetworks Realplayer	Version 11

Related CWEs

References (26)

http://lists.grok.org.uk/pipermail/full-disclosure/2008-March/060659.html

Source: cve@mitre.org

http://secunia.com/advisories/29315

Source: cve@mitre.org

Vendor Advisory

http://service.real.com/realplayer/security/07252008_player/en/

Source: cve@mitre.org

Vendor Advisory

http://www.kb.cert.org/vuls/id/831457

Source: cve@mitre.org

US Government Resource

http://www.securityfocus.com/archive/1/494779/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/28157

Source: cve@mitre.org

Exploit

http://www.securitytracker.com/id?1019576

Source: cve@mitre.org

http://www.securitytracker.com/id?1020563

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/0842

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2008/2194/references

Source: cve@mitre.org

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-08-047/

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/41087

Source: cve@mitre.org

https://www.exploit-db.com/exploits/5332

Source: cve@mitre.org

http://lists.grok.org.uk/pipermail/full-disclosure/2008-March/060659.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/29315

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://service.real.com/realplayer/security/07252008_player/en/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.kb.cert.org/vuls/id/831457

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.securityfocus.com/archive/1/494779/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/28157

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securitytracker.com/id?1019576

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1020563

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/0842

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2008/2194/references

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-08-047/

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/41087

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/5332

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.