HTTP: RealNetworks RealPlayer Unsafe ActiveX Control
This signature detects attempts to exploit a known vulnerability in RealNetworks' RealPlayer ActiveX control (rmoc3260.dll). An attacker can create a malicious Web site containing Web pages with dangerous ActiveX calls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
RealNetworks RealPlayer 'rmoc3260.dll' ActiveX control is prone to a memory-corruption vulnerability. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the affected ActiveX control. Failed exploit attempts will likely crash the application.
Affected Products
Real_networks realplayer
Short Name
HTTP:STC:ACTIVEX:REAL-PLAYER
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX CVE-2007-3410 CVE-2007-6224 CVE-2008-1309 CVE-2010-3747 Control RealNetworks RealPlayer Unsafe bid:24658 bid:26660 bid:28157 bid:44144 bid:44450
Release Date
03/12/2008
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3724
False Positive
Rarely
Vendors
Real_networks
CVSS Score
9.3
5.0