SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   RealOne (RealPlayer) Vendors:   RealNetworks
RealPlayer Lets Remote Users Load Scripting Code from Local Files
SecurityTracker Alert ID:  1013054
SecurityTracker URL:  http://securitytracker.com/id/1013054
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 2 2005
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via local system
Exploit Included:  Yes  
Version(s): 10.5 Build 6.0.12.1056
Description:   A vulnerability was reported in RealPlayer. A remote user can cause the player to run scripting code in the Local Computer zone.

http-equiv reported that a remote user can create a specially crafted Real Media file that, when loaded by the target user, will cause RealPlayer to load files from the target system and execute scripting code in the files in the Local Computer zone.

A demonstration exploit file is available at:

http://www.malware.com/realmware.rm

A demonstration exploit involving Microsoft Internet Explorer is available at:

http://www.malware.com/reelcigar.html

Impact:   A remote user can cause specified files to be loaded on the target user's system.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.real.com/ (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  SAME LADY, DIFFERENT HAT: REELY




Remote read / write / delete oozing the Internet Explorer object, which no 
one seems to have bothered to care about in 5 years. Same repitious jonk, 
if you haven't learnt by now, don't cry tomorrow. We can't all go around 
with a poop scoop picking up your pathetic droppings !

http://www.malware.com/reelcigar.html

Notes:

1. Too Slow !
2. Geting Rusty !



-- 
http://www.malware.com





 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC