[Full-disclosure] RealNetworks RealPlayer ierpplug.dll ActiveX Control Multiple Stack Overflows

Elazar Broad elazarb at earthlink.net
Mon Nov 26 16:00:03 GMT 2007

Previous message: [Full-disclosure] Eee PC Security
Next message: [Full-disclosure] False advertisting and possible click fraud about n3td3v
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Supposedly Real fixed the Import() method overflow in October, http://secunia.com/advisories/27248/, I guess not, or it is no longer exploitable(I haven't tested it). Anyhow, that still leaves the ones that Shinnai found among others, and the PlayerProperty() method that I posted yesterday. 

Elazar

Previous message: [Full-disclosure] Eee PC Security
Next message: [Full-disclosure] False advertisting and possible click fraud about n3td3v
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Full-Disclosure is hosted and sponsored by Secunia.