CVE-2008-1309

Severity: Unknown | EPSS: 45.95%

Last modified

CVE-2008-1309 is a vulnerability of currently unknown severity. The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory. EPSS estimates a 45.95% chance of exploitation in the next 30 days.

Description

The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory.

Metrics

EPSS Probability
45.95%

98.7th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor        Product     Versions
Realnetworks  Realplayer  All versions
Realnetworks  Realplayer  10.0
Realnetworks  Realplayer  10.5
Realnetworks  Realplayer  11

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2008-1309?
The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory.
How severe is CVE-2008-1309?
Severity scoring for CVE-2008-1309 is pending analysis. The EPSS model estimates a 45.95% probability of exploitation in the next 30 days.
How do I fix CVE-2008-1309?
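Check the vendor references and advisories for patched versions and mitigation guidance. Per the description, the RealPlayer 10.5 line is affected before build 6.0.12.1675 and the RealPlayer 11 line before 11.0.3 build 6.0.14.806, so installations below those builds need updating. You can also run a Strix scan to test if your systems are affected.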

Source: NVD / NIST