安全研究
安全漏洞
RealNetworks RealPlayer rmoc3260.dll ActiveX控件内存破坏漏洞
发布日期:2008-03-10
更新日期:2008-03-13
受影响系统:
Real Networks RealPlayer 11.0.1 (build 6.0.14.794)描述:
BUGTRAQ ID: 28157
CVE(CAN) ID: CVE-2008-1309
RealPlayer是一款流行的多媒体播放器,支持多种媒体格式。
RealPlayer的rmoc3260.dll ActiveX控件实现上存在漏洞,远程攻击者可能利用此漏洞控制用户系统。
rmoc3260.dll ActiveX控件没有正确地处理Console属性的输入参数,如果用户受骗访问了恶意站点的话,就可能触发内存破坏,导致执行任意指令。
<*来源:Elazar Broad (elazarb@earthlink.net)
链接:http://secunia.com/advisories/29315/
http://lists.grok.org.uk/pipermail/full-disclosure/2008-March/060659.html
http://www.kb.cert.org/vuls/id/831457
http://service.real.com/realplayer/security/07252008_player/en/
http://marc.info/?l=bugtraq&m=121702297824716&w=2
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
while (buf.length < 1005) buf = buf + 'A';
m = obj.Console;
obj.Console = buf;
obj.Console = m
//repeat
m = obj.Console;
obj.Console = buf;
obj.Console = m --> Should crash here
建议:
临时解决方法:
* 在IE中禁用RealPlayer ActiveX控件,为以下CLSID设置kill bit:
{0FDF6D6B-D672-463B-846E-C6FF49109662}
{224E833B-2CC6-42D9-AE39-90B6A38A4FA2}
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93}
{3B46067C-FD87-49B6-8DDD-12F0D687035F}
{3B5E0503-DE28-4BE8-919C-76E0E894A3C2}
{44CCBCEB-BA7E-4C99-A078-9F683832D493}
{A1A41E11-91DB-4461-95CD-0C02327FD934}
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}
或者将以下文本保存为.REG文件并导入:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0FDF6D6B-D672-463B-846E-C6FF49109662}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{224E833B-2CC6-42D9-AE39-90B6A38A4FA2}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3B46067C-FD87-49B6-8DDD-12F0D687035F}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3B5E0503-DE28-4BE8-919C-76E0E894A3C2}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{44CCBCEB-BA7E-4C99-A078-9F683832D493}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A1A41E11-91DB-4461-95CD-0C02327FD934}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}]
"Compatibility Flags"=dword:00000400
厂商补丁:
Real Networks
-------------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://www.real.com
浏览次数:4014
严重程度:0(网友投票)
绿盟科技给您安全的保障