Home page logo

bugtraq logo Bugtraq mailing list archives

Realone2.0 "pnxr3260.dll" Lets Remote Users IE Browser Crash
From: Wei Li <pcocop () hotmail com>
Date: 22 Dec 2004 18:30:58 -0000

Impact:  Denial of service via network 
Version(s):Realone 2.0(build

   &lt;EMBED ...> puts a browser plugin in the page. A plugin is a special program located on the client computer (i.e. 
not on your web server) that handles its own special type of data file. The most common plugins are for sounds and 
movies. The &lt;EMBED ...> tag gives the location of a data file that the plugin should handle. 

    A vulnerability was found in the IE browser with system installed Realone 2.0(build in the processing 
of the 'embed' tag. A remote user can create HTML that include &lt;EMBED ...> , when loaded by the client user, will 
cause the client user's browser to call the plugin of Realone,and then the IE browser crash. 

The err signature of Iexplorer.exe:
AppName: iexplore.exe    AppVer: 6.0.2800.1106     ModName:pnxr3260.dll
ModVer:       Offset: 00003e98


An attacker can exploit the above-described vulnerability to execute 
arbitrary code under the permissions of the target user. Successful 
exploitation requires that the attacker convince the end user to install realone2.0(build 

Premise:the client user had installed realone2.0(Edition
The following demonstration exploit can cause IE to crash:

&lt;script language=javascript>
function dSend() {

<body onLoad="dSend()">
<P>&lt;EMBED src=http://w.net/mp3/wind.mp3 ></P>

The attacker can insert shellcode script in above html to execute 
arbitrary code.

IV. Solution
Updated to the newest edition of reaone. 

  By Date           By Thread  

Current thread:
  • Realone2.0 "pnxr3260.dll" Lets Remote Users IE Browser Crash Wei Li (Dec 22)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]