• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

RealPlayer RMOC3260.DLL ActiveX Control Import Denial Of Service Vulnerability

RealPlayer is prone to a denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to cause the victim's browser (typically Internet Explorer) to crash. Given the nature of this issue, the attacker may also be able to execute code, but this has not been confirmed.

RealPlayer 11 is vulnerable; other versions may also be affected.