Full Disclosure: Re: RealNetworks RealPlayer ierpplug.dll ActiveX Control Multiple Stack Overflows

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: RealNetworks RealPlayer ierpplug.dll ActiveX Control Multiple Stack Overflows

From: Elazar Broad <elazarb () earthlink net>
Date: Mon, 26 Nov 2007 11:00:03 -0500 (GMT-05:00)

Supposedly Real fixed the Import() method overflow in October, http://secunia.com/advisories/27248/, I guess not, or it 
is no longer exploitable(I haven't tested it). Anyhow, that still leaves the ones that Shinnai found among others, and 
the PlayerProperty() method that I posted yesterday. 

Elazar

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

RealNetworks RealPlayer ierpplug.dll ActiveX Control Multiple Stack Overflows Elazar Broad (Nov 26)
- <Possible follow-ups>
- Re: RealNetworks RealPlayer ierpplug.dll ActiveX Control Multiple Stack Overflows Elazar Broad (Nov 26)