cvelistv5 - CVE-2008-1309

CVE-2008-1309 (GCVE-0-2008-1309)

Vulnerability from cvelistv5 – Published: 2008-03-12 17:00 – Updated: 2024-08-07 08:17

Summary

The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.vupen.com/english/advisories/2008/2194…	vdb-entryx_refsource_VUPEN
	http://service.real.com/realplayer/security/07252…	x_refsource_CONFIRM
	http://secunia.com/advisories/29315	third-party-advisoryx_refsource_SECUNIA
	http://lists.grok.org.uk/pipermail/full-disclosur…	mailing-listx_refsource_FULLDISC
	http://www.securitytracker.com/id?1019576	vdb-entryx_refsource_SECTRACK
	https://www.exploit-db.com/exploits/5332	exploitx_refsource_EXPLOIT-DB
	http://www.vupen.com/english/advisories/2008/0842	vdb-entryx_refsource_VUPEN
	http://www.zerodayinitiative.com/advisories/ZDI-08-047/	x_refsource_MISC
	http://www.kb.cert.org/vuls/id/831457	third-party-advisoryx_refsource_CERT-VN
	http://www.securityfocus.com/archive/1/494779/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securitytracker.com/id?1020563	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/28157	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:17:33.628Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "realplayer-realaudioobjects-code-execution(41087)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41087"
          },
          {
            "name": "ADV-2008-2194",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2194/references"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://service.real.com/realplayer/security/07252008_player/en/"
          },
          {
            "name": "29315",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29315"
          },
          {
            "name": "20080310 Real Networks RealPlayer ActiveX Control Heap Corruption",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-March/060659.html"
          },
          {
            "name": "1019576",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019576"
          },
          {
            "name": "5332",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/5332"
          },
          {
            "name": "ADV-2008-0842",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0842"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-047/"
          },
          {
            "name": "VU#831457",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/831457"
          },
          {
            "name": "20080725 ZDI-08-047: RealNetworks RealPlayer rmoc3260 ActiveX Control Memory Corruption Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/494779/100/0/threaded"
          },
          {
            "name": "1020563",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020563"
          },
          {
            "name": "28157",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28157"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-03-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "realplayer-realaudioobjects-code-execution(41087)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41087"
        },
        {
          "name": "ADV-2008-2194",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2194/references"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://service.real.com/realplayer/security/07252008_player/en/"
        },
        {
          "name": "29315",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29315"
        },
        {
          "name": "20080310 Real Networks RealPlayer ActiveX Control Heap Corruption",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-March/060659.html"
        },
        {
          "name": "1019576",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019576"
        },
        {
          "name": "5332",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/5332"
        },
        {
          "name": "ADV-2008-0842",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0842"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-047/"
        },
        {
          "name": "VU#831457",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/831457"
        },
        {
          "name": "20080725 ZDI-08-047: RealNetworks RealPlayer rmoc3260 ActiveX Control Memory Corruption Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/494779/100/0/threaded"
        },
        {
          "name": "1020563",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020563"
        },
        {
          "name": "28157",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28157"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1309",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "realplayer-realaudioobjects-code-execution(41087)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41087"
            },
            {
              "name": "ADV-2008-2194",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2194/references"
            },
            {
              "name": "http://service.real.com/realplayer/security/07252008_player/en/",
              "refsource": "CONFIRM",
              "url": "http://service.real.com/realplayer/security/07252008_player/en/"
            },
            {
              "name": "29315",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29315"
            },
            {
              "name": "20080310 Real Networks RealPlayer ActiveX Control Heap Corruption",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-March/060659.html"
            },
            {
              "name": "1019576",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019576"
            },
            {
              "name": "5332",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/5332"
            },
            {
              "name": "ADV-2008-0842",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0842"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-047/",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-047/"
            },
            {
              "name": "VU#831457",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/831457"
            },
            {
              "name": "20080725 ZDI-08-047: RealNetworks RealPlayer rmoc3260 ActiveX Control Memory Corruption Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/494779/100/0/threaded"
            },
            {
              "name": "1020563",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020563"
            },
            {
              "name": "28157",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28157"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1309",
    "datePublished": "2008-03-12T17:00:00",
    "dateReserved": "2008-03-12T00:00:00",
    "dateUpdated": "2024-08-07T08:17:33.628Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:*:*:enterprise:*:*:*:*:*\", \"matchCriteriaId\": \"19BC5A59-BCBD-4859-8329-B4974D43DB90\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD49D16C-B0AC-4228-9984-010661596232\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"348F3214-E5C2-4D39-916F-1B0263D13F40\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"72A94395-4F1A-4310-85A8-F46A76EE3A12\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory.\"}, {\"lang\": \"es\", \"value\": \"El control de ActiveX RealAudioObjects.RealAudio en rmoc3260.dll en RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 en versiones anteriores a build 6.0.12.1675 y RealPlayer 11 en versiones anteriores a 11.0.3 build 6.0.14.806 no gestiona adecuadamente la memoria para la propiedad (1) Console o (2) Controls, lo que permite a atacantes remotos ejecutar c\\u00f3digo arbitrario o provocar una denegaci\\u00f3n de servicio (ca\\u00edda del navegador) a trav\\u00e9s de una serie de asignaciones de valores de cadena larga, lo que desencadena una sobrescritura de la memoria din\\u00e1mica liberada.\"}]",
      "id": "CVE-2008-1309",
      "lastModified": "2024-11-21T00:44:13.993",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2008-03-12T17:44:00.000",
      "references": "[{\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2008-March/060659.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/29315\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://service.real.com/realplayer/security/07252008_player/en/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/831457\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/494779/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/28157\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securitytracker.com/id?1019576\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1020563\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0842\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2194/references\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-08-047/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/41087\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.exploit-db.com/exploits/5332\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2008-March/060659.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/29315\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://service.real.com/realplayer/security/07252008_player/en/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/831457\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/494779/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/28157\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securitytracker.com/id?1019576\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1020563\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0842\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2194/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-08-047/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/41087\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/5332\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vendorComments": "[{\"organization\": \"Red Hat\", \"comment\": \"Not vulnerable. This issue did not affect versions of RealPlayer as shipped with Red Hat Enterprise Linux 3 Extras, 4 Extras, or 5 Supplementary.\", \"lastModified\": \"2008-03-18T00:00:00\"}]",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-399\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-1309\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-03-12T17:44:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory.\"},{\"lang\":\"es\",\"value\":\"El control de ActiveX RealAudioObjects.RealAudio en rmoc3260.dll en RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 en versiones anteriores a build 6.0.12.1675 y RealPlayer 11 en versiones anteriores a 11.0.3 build 6.0.14.806 no gestiona adecuadamente la memoria para la propiedad (1) Console o (2) Controls, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (ca\u00edda del navegador) a trav\u00e9s de una serie de asignaciones de valores de cadena larga, lo que desencadena una sobrescritura de la memoria din\u00e1mica liberada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:*:*:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"19BC5A59-BCBD-4859-8329-B4974D43DB90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD49D16C-B0AC-4228-9984-010661596232\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"348F3214-E5C2-4D39-916F-1B0263D13F40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72A94395-4F1A-4310-85A8-F46A76EE3A12\"}]}]}],\"references\":[{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2008-March/060659.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/29315\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://service.real.com/realplayer/security/07252008_player/en/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/831457\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/494779/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/28157\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1019576\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1020563\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0842\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/2194/references\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-08-047/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41087\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.exploit-db.com/exploits/5332\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2008-March/060659.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/29315\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://service.real.com/realplayer/security/07252008_player/en/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/831457\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/494779/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/28157\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1019576\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1020563\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0842\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/2194/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-08-047/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41087\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/5332\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Not vulnerable. This issue did not affect versions of RealPlayer as shipped with Red Hat Enterprise Linux 3 Extras, 4 Extras, or 5 Supplementary.\",\"lastModified\":\"2008-03-18T00:00:00\"}]}}"
  }
}

CERTA-2008-AVI-378

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités affectant RealPlayer sur différentes plateformes ont été corrigées.

Description

Quatre vulnérabilités affectant RealPlayer ont été corrigées par la dernière mise à jour. Deux concernent l'ActiveX associé au lecteur multimédia alors qu'une autre est présente lors de la lecture de fichier SFW. La dernière, non documentée, permet un dépassement de mémoire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les versions antérieures aux suivantes sont vulnérables :

RealPlayer pour Windows 11.0.3 build 6.0.14.806 ;
RealPlayer pour Windows Vista 10.5 build 6.0.12.1675 ;
RealPlayer pour Mac 11 ;
RealPlayer pour Linux 11.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de mise à jour de RealPlayer du 25 juillet 2008

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eLes versions ant\u00e9rieures aux suivantes  sont vuln\u00e9rables :  \u003cUL\u003e    \u003cLI\u003eRealPlayer pour Windows 11.0.3 build 6.0.14.806 ;\u003c/LI\u003e    \u003cLI\u003eRealPlayer pour Windows Vista 10.5 build 6.0.12.1675 ;\u003c/LI\u003e    \u003cLI\u003eRealPlayer pour Mac 11 ;\u003c/LI\u003e    \u003cLI\u003eRealPlayer pour Linux 11.\u003c/LI\u003e  \u003c/UL\u003e\u003c/p\u003e",
  "content": "## Description\n\nQuatre vuln\u00e9rabilit\u00e9s affectant RealPlayer ont \u00e9t\u00e9 corrig\u00e9es par la\nderni\u00e8re mise \u00e0 jour. Deux concernent l\u0027ActiveX associ\u00e9 au lecteur\nmultim\u00e9dia alors qu\u0027une autre est pr\u00e9sente lors de la lecture de fichier\nSFW. La derni\u00e8re, non document\u00e9e, permet un d\u00e9passement de m\u00e9moire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-3064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3064"
    },
    {
      "name": "CVE-2008-3066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3066"
    },
    {
      "name": "CVE-2008-1309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1309"
    },
    {
      "name": "CVE-2007-5400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5400"
    }
  ],
  "links": [],
  "reference": "CERTA-2008-AVI-378",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-07-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectant RealPlayer sur diff\u00e9rentes\nplateformes ont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans RealPlayer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de mise \u00e0 jour de RealPlayer du 25 juillet 2008",
      "url": "http://service.real.com/realplayer/security/07252008_player/en"
    }
  ]
}

CERTA-2008-AVI-378

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités affectant RealPlayer sur différentes plateformes ont été corrigées.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les versions antérieures aux suivantes sont vulnérables :

RealPlayer pour Windows 11.0.3 build 6.0.14.806 ;
RealPlayer pour Windows Vista 10.5 build 6.0.12.1675 ;
RealPlayer pour Mac 11 ;
RealPlayer pour Linux 11.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de mise à jour de RealPlayer du 25 juillet 2008

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eLes versions ant\u00e9rieures aux suivantes  sont vuln\u00e9rables :  \u003cUL\u003e    \u003cLI\u003eRealPlayer pour Windows 11.0.3 build 6.0.14.806 ;\u003c/LI\u003e    \u003cLI\u003eRealPlayer pour Windows Vista 10.5 build 6.0.12.1675 ;\u003c/LI\u003e    \u003cLI\u003eRealPlayer pour Mac 11 ;\u003c/LI\u003e    \u003cLI\u003eRealPlayer pour Linux 11.\u003c/LI\u003e  \u003c/UL\u003e\u003c/p\u003e",
  "content": "## Description\n\nQuatre vuln\u00e9rabilit\u00e9s affectant RealPlayer ont \u00e9t\u00e9 corrig\u00e9es par la\nderni\u00e8re mise \u00e0 jour. Deux concernent l\u0027ActiveX associ\u00e9 au lecteur\nmultim\u00e9dia alors qu\u0027une autre est pr\u00e9sente lors de la lecture de fichier\nSFW. La derni\u00e8re, non document\u00e9e, permet un d\u00e9passement de m\u00e9moire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-3064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3064"
    },
    {
      "name": "CVE-2008-3066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3066"
    },
    {
      "name": "CVE-2008-1309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1309"
    },
    {
      "name": "CVE-2007-5400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5400"
    }
  ],
  "links": [],
  "reference": "CERTA-2008-AVI-378",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-07-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectant RealPlayer sur diff\u00e9rentes\nplateformes ont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans RealPlayer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de mise \u00e0 jour de RealPlayer du 25 juillet 2008",
      "url": "http://service.real.com/realplayer/security/07252008_player/en"
    }
  ]
}

GSD-2008-1309

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-1309

Aliases

CVE-2008-1309

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-1309",
    "description": "The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory.",
    "id": "GSD-2008-1309",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2008-1309"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-1309"
      ],
      "details": "The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory.",
      "id": "GSD-2008-1309",
      "modified": "2023-12-13T01:23:03.369628Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-1309",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "realplayer-realaudioobjects-code-execution(41087)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41087"
          },
          {
            "name": "ADV-2008-2194",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2194/references"
          },
          {
            "name": "http://service.real.com/realplayer/security/07252008_player/en/",
            "refsource": "CONFIRM",
            "url": "http://service.real.com/realplayer/security/07252008_player/en/"
          },
          {
            "name": "29315",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29315"
          },
          {
            "name": "20080310 Real Networks RealPlayer ActiveX Control Heap Corruption",
            "refsource": "FULLDISC",
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-March/060659.html"
          },
          {
            "name": "1019576",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019576"
          },
          {
            "name": "5332",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/5332"
          },
          {
            "name": "ADV-2008-0842",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0842"
          },
          {
            "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-047/",
            "refsource": "MISC",
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-047/"
          },
          {
            "name": "VU#831457",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/831457"
          },
          {
            "name": "20080725 ZDI-08-047: RealNetworks RealPlayer rmoc3260 ActiveX Control Memory Corruption Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/494779/100/0/threaded"
          },
          {
            "name": "1020563",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1020563"
          },
          {
            "name": "28157",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/28157"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:*:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1309"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20080310 Real Networks RealPlayer ActiveX Control Heap Corruption",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-March/060659.html"
            },
            {
              "name": "28157",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/28157"
            },
            {
              "name": "29315",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/29315"
            },
            {
              "name": "1019576",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019576"
            },
            {
              "name": "VU#831457",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/831457"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-047/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-047/"
            },
            {
              "name": "http://service.real.com/realplayer/security/07252008_player/en/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://service.real.com/realplayer/security/07252008_player/en/"
            },
            {
              "name": "1020563",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1020563"
            },
            {
              "name": "ADV-2008-2194",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2194/references"
            },
            {
              "name": "ADV-2008-0842",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0842"
            },
            {
              "name": "realplayer-realaudioobjects-code-execution(41087)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41087"
            },
            {
              "name": "5332",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/5332"
            },
            {
              "name": "20080725 ZDI-08-047: RealNetworks RealPlayer rmoc3260 ActiveX Control Memory Corruption Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/494779/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-11T20:31Z",
      "publishedDate": "2008-03-12T17:44Z"
    }
  }
}

GHSA-G64H-446X-5J6X

Vulnerability from github – Published: 2022-05-01 23:38 – Updated: 2025-04-09 03:52

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-1309"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-03-12T17:44:00Z",
    "severity": "HIGH"
  },
  "details": "The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory.",
  "id": "GHSA-g64h-446x-5j6x",
  "modified": "2025-04-09T03:52:30Z",
  "published": "2022-05-01T23:38:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1309"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41087"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/5332"
    },
    {
      "type": "WEB",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-March/060659.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29315"
    },
    {
      "type": "WEB",
      "url": "http://service.real.com/realplayer/security/07252008_player/en"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/831457"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/494779/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/28157"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019576"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1020563"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0842"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2194/references"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-047"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2008-1309

Vulnerability from fkie_nvd - Published: 2008-03-12 17:44 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.grok.org.uk/pipermail/full-disclosure/2008-March/060659.html
cve@mitre.org	http://secunia.com/advisories/29315	Vendor Advisory
cve@mitre.org	http://service.real.com/realplayer/security/07252008_player/en/	Vendor Advisory
cve@mitre.org	http://www.kb.cert.org/vuls/id/831457	US Government Resource
cve@mitre.org	http://www.securityfocus.com/archive/1/494779/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/28157	Exploit
cve@mitre.org	http://www.securitytracker.com/id?1019576
cve@mitre.org	http://www.securitytracker.com/id?1020563
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0842	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2194/references	Vendor Advisory
cve@mitre.org	http://www.zerodayinitiative.com/advisories/ZDI-08-047/
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/41087
cve@mitre.org	https://www.exploit-db.com/exploits/5332
af854a3a-2127-422b-91ae-364da2661108	http://lists.grok.org.uk/pipermail/full-disclosure/2008-March/060659.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29315	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://service.real.com/realplayer/security/07252008_player/en/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/831457	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/494779/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28157	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019576
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1020563
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0842	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2194/references	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-08-047/
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/41087
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/5332

Impacted products

Vendor	Product	Version
realnetworks	realplayer	*
realnetworks	realplayer	10.0
realnetworks	realplayer	10.5
realnetworks	realplayer	11

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:*:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "19BC5A59-BCBD-4859-8329-B4974D43DB90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:realnetworks:realplayer:11:*:*:*:*:*:*:*",
              "matchCriteriaId": "72A94395-4F1A-4310-85A8-F46A76EE3A12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory."
    },
    {
      "lang": "es",
      "value": "El control de ActiveX RealAudioObjects.RealAudio en rmoc3260.dll en RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 en versiones anteriores a build 6.0.12.1675 y RealPlayer 11 en versiones anteriores a 11.0.3 build 6.0.14.806 no gestiona adecuadamente la memoria para la propiedad (1) Console o (2) Controls, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (ca\u00edda del navegador) a trav\u00e9s de una serie de asignaciones de valores de cadena larga, lo que desencadena una sobrescritura de la memoria din\u00e1mica liberada."
    }
  ],
  "id": "CVE-2008-1309",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-03-12T17:44:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-March/060659.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29315"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://service.real.com/realplayer/security/07252008_player/en/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/831457"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/494779/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/28157"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019576"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1020563"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0842"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2194/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-047/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41087"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/5332"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-March/060659.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29315"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://service.real.com/realplayer/security/07252008_player/en/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/831457"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/494779/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/28157"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019576"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020563"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0842"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2194/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-047/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41087"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/5332"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable. This issue did not affect versions of RealPlayer as shipped with Red Hat Enterprise Linux 3 Extras, 4 Extras, or 5 Supplementary.",
      "lastModified": "2008-03-18T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-1309 (GCVE-0-2008-1309)

CERTA-2008-AVI-378

Description

Solution

CERTA-2008-AVI-378

Description

Solution

GSD-2008-1309

GHSA-G64H-446X-5J6X

FKIE_CVE-2008-1309

Tags

Sightings

Nomenclature