Vulnerabilities > CVE-2006-6847 - Remote Denial of Service vulnerability in RealNetworks RealPlayer IERPPLUG.DLL ActiveX Control

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

realnetworks

exploit available

NVD

Published: 2006-12-31

Updated: 2017-10-19

Summary

An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the RealPlayer.OpenURLInPlayerBrowser method with a long second argument.

Vulnerable Configurations

Part	Description	Count
Application	Realnetworks Realnetworks Realplayer 10.5 Realnetworks Realplayer 10.5_6.0.12.1016_Beta Realnetworks Realplayer 10.5_6.0.12.1040 Realnetworks Realplayer 10.5_6.0.12.1053 Realnetworks Realplayer 10.5_6.0.12.1056 Realnetworks Realplayer 10.5_6.0.12.1059 Realnetworks Realplayer 10.5_6.0.12.1069 Realnetworks Realplayer 10.5_6.0.12.1235	8

Exploit-Db

description	RealPlayer 10.5 ierpplug.dll Internet Explorer Denial of Service Exploit. CVE-2006-6847. Dos exploit for windows platform
file	exploits/windows/dos/3030.html
id	EDB-ID:3030
last seen	2016-01-31
modified	2006-12-28
platform	windows
port
published	2006-12-28
reporter	shinnai
source	https://www.exploit-db.com/download/3030/
title	RealPlayer 10.5 ierpplug.dll Internet Explorer 7 - Denial of Service Exploit
type	dos

Summary

Vulnerable Configurations

Exploit-Db

References