Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: RealNetworks RealPlayer ierpplug.dll ActiveX Control Multiple Stack Overflows
From: Elazar Broad <elazarb () earthlink net>
Date: Mon, 26 Nov 2007 11:00:03 -0500 (GMT-05:00)

Supposedly Real fixed the Import() method overflow in October, http://secunia.com/advisories/27248/, I guess not, or it 
is no longer exploitable(I haven't tested it). Anyhow, that still leaves the ones that Shinnai found among others, and 
the PlayerProperty() method that I posted yesterday. 


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]