| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3d7a6e870807291943l59baedb7j76a65f9f762aab2f@mail.gmail.com>
Date: Tue, 29 Jul 2008 19:43:10 -0700
From: cocoruder <cocoruder@...il.com>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: RealNetworks RealPlayer ActiveX Illegal Resource
Reference Vulnerability
RealNetworks RealPlayer ActiveX Illegal Resource Reference Vulnerability
by cocoruder(frankruder_at_hotmail.com)
http://ruder.cdut.net
Summary:
An illegal resource reference vulnerability exists in the ActiveX
Control of RealNetworks RealPlayer. For exploiting the vulnerability,
the attacker may build a special web page and entrap the victim into
visiting it, if the local system has installed RealPlayer, the local
resources (or any other illegal resources) will be accessed. This
vulnerability may assist in exploitation of other vulnerabilities.
Affected Software Versions:
RealPlayer 10.6 and previous versions
(other versions may also be affected)
Details:
Currently there is no details released.
Solution:
The vendor has fixed this vulnerability, the vendor's advisory is
available on:
http://service.real.com/realplayer/security/07252008_player/en/
CVE Information:
CVE-2008-3064
Disclosure Timeline:
2006.12.19 Vendor notified
2006.12.20 Vendor responded
2008.07.23 Notified by the vendor that patch and advisory were coming
2008.07.25 Vendor's advisory released
2008.07.29 Advisory released
--EOF--
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists