Preemptive Protection against RealNetworks RealPlayer ActiveX Import Method Buffer Overflow Vulnerability
| Check Point Reference: | CPAI-2008-109 | |
| Date Published: | ||
| Severity: | ||
| Source: | Secunia Advisory: SA27620 | |
| Industry Reference(s): | CVE-2008-3066 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? RealNetworks RealPlayer for Windows 10 RealNetworks RealPlayer for Windows 10.5 RealNetworks RealPlayer Enterprise | ||
| Vulnerability Description A buffer overflow vulnerability has been reported in RealNetworks RealPlayer application. RealNetworks RealPlayer and RealOne Player are media player applications that are capable of playing back numerous multimedia file formats. A remote attacker may exploit this issue to execute arbitrary code on a vulnerable system. |
||
|
Update/Patch Available Update your product to the latest version: Real |
|
|
Vulnerability Details The vulnerability is due to an error in a RealPlayer ActiveX control that fails to properly handle deletion of media library files. To trigger this issue, an attacker may create a malicious web page that will exploit this vulnerability. Successful exploitation may allow execution of arbitrary code on a vulnerable system. |
Protection Overview
By enabling this protection, SmartDefense will detect and block the vulnerable ActiveX Control. Depending on the traffic mix, activating this protection may result in performance degradation. No update is required to address this vulnerability.
Users are protected against this vulnerability if the Protection against RealNetworks RealPlayer Playlist Handling Buffer Overflow Vulnerability addressed in CPAI-2008-061 has been applied.
To configure the defense, select your product from the list below and follow the related protection steps.