CVE-2008-1309

RealPlayer - Remote Code Execution via RealAudioObjects.RealAudio ActiveX Control

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2008-1309. PoCs were published by Metasploit and Elazar, including the Metasploit module exploits/windows/browser/realplayer_console.

AI-analyzed exploit summary: This exploit targets a heap corruption vulnerability in the RealPlayer ActiveX control (rmoc3260.dll) via the 'Console' property. It uses a crafted HTML page with JavaScript to trigger the vulnerability and execute arbitrary code.

Description

The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory.

Exploits (3)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16584

This exploit targets a heap corruption vulnerability in the RealPlayer ActiveX control (rmoc3260.dll) via the 'Console' property. It uses a crafted HTML page with JavaScript to trigger the vulnerability and execute arbitrary code.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: RealPlayer ActiveX control (rmoc3260.dll)
No auth needed
Prerequisites: Victim must visit a malicious webpage · RealPlayer with vulnerable ActiveX control installed
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by Elazar · html · remote · windows
https://www.exploit-db.com/exploits/5332

This exploit targets a heap corruption vulnerability in RealPlayer's rmoc3260.dll ActiveX control (CVE-2008-1309). It uses a heap spray technique to achieve remote code execution by overwriting the 'Console' property of the ActiveX object with malicious shellcode.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: RealPlayer rmoc3260.dll version 6.0.10.45
No auth needed
Prerequisites: Victim must be using Internet Explorer with ActiveX enabled · Target system must have vulnerable RealPlayer version installed
devstral-2 · analyzed Feb 16, 2026

metasploit · WORKING POC · NORMAL
ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/realplayer_console.rb

This Metasploit module exploits a heap corruption vulnerability in the RealPlayer ActiveX control (rmoc3260.dll) via a crafted string to the 'Console' property, leading to arbitrary code execution. It uses JavaScript to manipulate memory and trigger the vulnerability.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: RealPlayer ActiveX control (rmoc3260.dll)
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · RealPlayer with vulnerable ActiveX control installed
devstral-2 · analyzed Feb 16, 2026

References (13)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41087
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2194/references
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29315
Mailing List mailing-list x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2008-March/060659.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1019576
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5332
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0842
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-08-047/
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/831457
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/494779/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020563
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28157

Scores

EPSS 0.4595
EPSS Percentile 98.6%

Details

CWE: CWE-399
Status: published
Products (4):
realnetworks/realplayer
realnetworks/realplayer 10.0
realnetworks/realplayer 10.5
realnetworks/realplayer 11
Published: Mar 12, 2008
Tracked Since: Feb 18, 2026