RealNetworks RealPlayer Multiple Vulnerabilities
RISK: Medium Risk
Multiple vulnerabilities have been identified in RealPlayer, which could be exploited by remote attackers to take complete control of a vulnerable system. These issues are caused by buffer and integer overflows, array indexing, memory corruptions, invalid memory access and zone validation errors related to RealMedia, Multi-Rate audio, SMIL StreamTitle, AAC MLLT atom, AAC TIT2 atom, RTSP GIF parsing, Cook audio codec, RV20, AAC spectral data, SIPR, SOUND, AAC, RA5, ActiveX "HandleAction()" method, local HTML files, IVR, RMX, ImageMap, RealPix Server and Advanced Audio Coding, which could be exploited by remote attackers to execute arbitrary code by tricking a user into opening a malicious media file or visiting a specially crafted web page.
Impact
- Remote Code Execution
System / Technologies affected
- RealPlayer versions 11.x
- RealPlayer SP versions 1.x
- RealPlayer Enterprise versions 2.x
- Mac RealPlayer versions 11.x
- Mac RealPlayer versions 12.x
- Linux RealPlayer versions 11.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Upgrade to RealPlayer 14.0.1, Mac RealPlayer 12.0.0.1548, RealPlayer Enterprise 2.1.4, and Linux RealPlayer 11.0.2.2315.
Vulnerability Identifier
- CVE-2010-0121
- CVE-2010-0125
- CVE-2010-2579
- CVE-2010-2997
- CVE-2010-2999
- CVE-2010-4375
- CVE-2010-4376
- CVE-2010-4377
- CVE-2010-4378
- CVE-2010-4379
- CVE-2010-4380
- CVE-2010-4381
- CVE-2010-4382
- CVE-2010-4383
- CVE-2010-4384
- CVE-2010-4385
- CVE-2010-4386
- CVE-2010-4387
- CVE-2010-4388
- CVE-2010-4389
- CVE-2010-4390
- CVE-2010-4391
- CVE-2010-4392
- CVE-2010-4394
- CVE-2010-4395
- CVE-2010-4396
- CVE-2010-4397
Source
Related Link
Share with