RealPlayer rjbdll.dll ActiveX Control file import buffer overflow

Added: 08/01/2008
CVE: CVE-2008-3066
BID: 30379
OSVDB: 48286

Background

RealPlayer and RealOne Player include a number of ActiveX controls allowing functions to be called by scripts embedded in web pages.

Problem

A buffer overflow vulnerability in an ActiveX control in rjbdll.dll allows command execution when a user imports a specially crafted file into a media library and then deletes the file.

Resolution

See the RealNetworks advisory for fix information.

References

http://www.zerodayinitiative.com/advisories/ZDI-08-046/

Limitations

Exploit works on RealPlayer 10-5 Gold version 10.5-6.0.12.1741 and requires a user to open the exploit page in Internet Explorer.

Platforms

Windows 2000
Windows XP

Back to exploit index