Skip to main content

RealNetworks RealPlayer Multiple Code Execution Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 21 Jan 2010 5369 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in RealNetworks RealPlayer, which could be exploited by remote attackers to compromise a vulnerable system.

1. Due to a heap overflow error when processing a malformed ASM Rulebook, which could be exploited to execute arbitrary code.

2. Due to a heap overflow error when processing a malformed GIF file, which could be exploited to execute arbitrary code.

3. Due to a buffer overflow error when processing a malformed media file, which could be exploited to execute arbitrary code.

4. Due to a buffer overflow error when processing a malformed IVR file, which could be exploited to execute arbitrary code.

5. Due to a heap overflow error when processing a malformed IVR file, which could be exploited to execute arbitrary code.

6. Due to a heap overflow error related to the SIPR Codec, which could be exploited to execute arbitrary code.

7. Due to a heap overflow error when processing a malformed compressed GIF, which could be exploited to execute arbitrary code.

8. Due to a heap overflow error when parsing a malformed SMIL file, which could be exploited to execute arbitrary code.

9. Due to a heap overflow error when parsing a malformed Skin, which could be exploited to execute arbitrary code.

10. Due to an array overflow error when parsing a malformed ASM RuleBook, which could be exploited to execute arbitrary code.

11. Due to a buffer overflow error related to rtsp "set_parameter" method, which could be exploited to execute arbitrary code.


Impact

  • Remote Code Execution

System / Technologies affected

  • RealPlayer SP versions 1.x
  • RealPlayer versions 11.x
  • RealPlayer versions 10.x
  • RealPlayer Enterprise
  • Mac RealPlayer versions 11.x
  • Mac RealPlayer versions 10.x
  • Linux RealPlayer versions 11.x
  • Linux RealPlayer versions 10.x
  • Helix Player versions 11.x
  • Helix Player versions 10.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier


Source


Related Link