Published: 2007-10-28T13:58+00:00
Last Updated: 2007-10-28T13:58+00:00
TRTA07-297A
RealNetworks RealPlayer ActiveX Playlist Buffer Overflow
Overview
RealNetworks RealPlayer client for Microsoft Windows contains a stack buffer overflow in the playlist paramater passed to the client by an ActiveX control. This vulnerability could allow a remote, unauthenticated attacker to execute arbitrary code using a specially crafted web page or HTML email message.
Event Information
| Date (UTC) | Description |
| 2007-10-25 |
Trend Micro TROJ_REAPALL.A Exploit for CVE-2007-5601 |
| 2007-10-24 19:04 |
US-CERT TA07-297A: RealNetworks RealPlayer ActiveX Playlist Buffer Overflow Via US-CERT Mailing List RealNetworks RealPlayer client for Microsoft Windows contains a stack buffer overflow in the playlist paramater passed to the client by an ActiveX control. This vulnerability could allow a remote, unauthenticated attacker to execute arbitrary code using a specially crafted web page or HTML email message. |
| 2007-10-22 17:35 |
SANS Internet Storm Center RealPlayer patch for Zero day vulnerability RealNetworks has issued a fix for a vulnerability. |
| 2007-10-20 18:32 |
US-CERT RealNetworks Issues Security Update for RealPlayer Vulnerability RealNetworks has issued a Security Update to address the previously reported buffer overflow vulnerability in RealPlayer. This vulnerability could allow an attacker to execute arbitrary code on an affected system by enticing a user to view a specially crafted HTML document. |
| 2007-10-20 |
RealNetworks October 19, 2007 RealPlayer Update RealNetworks has issued a fix for a vulnerability identified as a malicious web page which affects the import method of an Active X control to cause a stack overflow in the Realplayer. CVE-2007-5601. |
| 2007-10-19 23:01 |
SANS Internet Storm Center Realplayer vulnerability with active exploit We're getting multiple reports of a fresh vulnerability in RealPlayer. We understand there is some active exploitation of it. |
| 2007-10-19 15:11 |
McAfee RealPlayer Zero Day Exploit Hits the Web Computer Security Research - McAfee Avert Labs Blog Last night we obtained a sample of a RealPlayer zero day exploit. RealPlayer 11 Beta, 10.5, and older versions are affected. |
| 2007-10-19 14:29 |
US-CERT Active Exploitation of a Vulnerability in RealPlayer US-CERT is aware of active exploitation of a buffer overflow vulnerability in RealPlayer. This vulnerability affects RealPlayer version 9 and later, and may allow an attacker to execute arbitrary code on an affected system. |
| 2007-10-19 07:46 |
Symantec RealPlayer Exploit On The Loose Yesterday we became aware of an in-the-wild exploitation of a previously unknown RealPlayer vulnerability. This unpatched vulnerability affects the latest versions of RealPlayer and RealPlayer 11 BETA distributed on their site. The issue affects an ActiveX object in the RealPlayer component ierpplug.dll. |
| 2007-10-19 07:08 |
McAfee Exploit-RealPlay.a Exploit-RealPlay.a is a generic detection for malicious Javascript code that attempts to exploit an unknown buffer overflow vulnerability affecting RealPlayer 11 Beta, 10.5 or older versions. |
| 2007-10-19 |
IBM Internet Security Systems RealNetworks RealPlayer unspecified ActiveX buffer overflow An unspecified RealNetworks RealPlayer ActiveX control is vulnerable to a buffer overflow. |
| 2007-10-19 |
Symantec Trojan.Reapall |