• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

RealNetworks RealPlayer 'rmoc3260.dll' ActiveX Control Multiple Memory Corruption Vulnerabilities

RealNetworks RealPlayer 'rmoc3260.dll' ActiveX control is prone to multiple heap-based memory-corruption vulnerabilities.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the affected ActiveX control. Failed exploit attempts will likely crash the application.

The following versions are vulnerable:

RealPlayer 11.0.0 through 11.0.2 (builds 6.0.14.738 through 6.0.14.802)
RealPlayer 10.5 (builds 6.0.12.1040 through 6.0.12.1663, 6.0.12.1698, and 6.0.12.1741)
RealPlayer 10
RealPlayer Enterprise

Other versions may also be affected.