Intrusion Prevention

RealNetworks.RealPlayer.Remoc3260.dll.Insecure.Method.Access

Description

This indicates a possible attempt to exploit an illegal resource reference vulnerability in RealNetworks' RealPlayer.
The vulnerability is located in the "rmoc3260.dll" ActiveX control and is caused by the misuse of the "DoGotoURL" method. It may allow remote attackers to access arbitrary resource using the affected ActiveX control.

Affected Products

RealPlayer 10.6 and previous versions

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Please refer to following URL to get the patch on this issue from the vendor:
http://service.real.com/realplayer/security/07252008_player/en/

CVE References

CVE-2008-3064