• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

RealMedia RealPlayer Ierpplug.DLL ActiveX Control Multiple Buffer Overflow Vulnerabilities

The RealPlayer ActiveX control is prone to multiple buffer-overflow vulnerabilities because the software fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer.

A remote attacker may exploit these vulnerabilities by presenting a malicious file to a victim and enticing them to open it with the vulnerable application.

Successful attacks can cause denial-of-service conditions in Internet Explorer or other applications that use the vulnerable ActiveX control. Arbitrary code execution may also be possible, but this has not been confirmed.

These issues affect RealPlayer 10.5; other versions may also be affected.