Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] RealNetworks RealPlayer ActiveX Illegal Resource Refer

from [cocoruder] Network Security [Permanent Link]
Subject: [Full-disclosure] RealNetworks RealPlayer ActiveX Illegal Resource Reference Vulnerability
Date: Tue, 29 Jul 2008 19:43:10 -0700 
RealNetworks RealPlayer ActiveX Illegal Resource Reference Vulnerability

by cocoruder(frankruder_at_hotmail.com)
http://ruder.cdut.net


Summary:

    An illegal resource reference vulnerability exists in the ActiveX
Control of RealNetworks RealPlayer. For exploiting the vulnerability,
the attacker may build a special web page and entrap the victim into
visiting it, if the local system has installed RealPlayer, the local
resources (or any other illegal resources) will be accessed. This
vulnerability may assist in exploitation of other vulnerabilities.



Affected Software Versions:

    RealPlayer 10.6 and previous versions
    (other versions may also be affected)



Details:
        
    Currently there is no details released.



Solution:

    The vendor has fixed this vulnerability, the vendor's advisory is
available on:

    http://service.real.com/realplayer/security/07252008_player/en/



CVE Information:

    CVE-2008-3064



Disclosure Timeline:

    2006.12.19        Vendor notified
    2006.12.20        Vendor responded
    2008.07.23        Notified by the vendor that patch and advisory were coming
    2008.07.25        Vendor's advisory released
    2008.07.29        Advisory released



--EOF--

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] RealNetworks RealPlayer ActiveX Illegal Resource Reference Vulnerability, cocoruder <=
Previous by Date:  [Full-disclosure] NULL pointer in Unreal Tournament 2004 v3369, Luigi Auriemma
Next by Date:  [Full-disclosure] Cisco IOS shellcode explanation, Andy Davis
Previous by Thread:  [Full-disclosure] NULL pointer in Unreal Tournament 2004 v3369, Luigi Auriemma
Next by Thread:  [Full-disclosure] Cisco IOS shellcode explanation, Andy Davis
Indexes:  [Date] [Thread] [Top] [All Lists]