RealPlayer Multiple Code Execution Vulnerabilities
RISK: Medium Risk
Multiple vulnerabilities have been identified in RealPlayer, which could be exploited by remote attackers to gain knowledge of sensitive information or compromise a vulnerable system.
1. A memory corruption error when processing IVR files containing a malformed data header, which could allow attackers to execute arbitrary code via a malicious file or web page.
2. Integer overflow errors within the "ParseKnownType()" function when parsing the "HX_FLV_META_AMF_TYPE_MIXEDARRAY" and "HX_FLV_META_AMF_TYPE_ARRAY" data types, which could be exploited to execute arbitrary code.
3. An unspecified error related to "RealPlayerActiveX", which could allow unauthorized file access.
4. An integer overflow error when processing malformed QCP files, which could be exploited to execute arbitrary code.
5. A memory corruption error within the processing of dimensions in the YUV420 transformation of content, which could be exploited to execute arbitrary code.
6. A heap overflow error when processing malformed QCP files, which could be exploited to execute arbitrary code.
7. An unspecified error within the ActiveX IE Plugin when opening multiple browser windows.
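The advisory does not publish the affected code for item 2. The sketch below is an added example, not RealPlayer's code: it shows the general bug class for a file-supplied 32-bit array count and a bounds-checked header parse. The function and struct names are hypothetical, the header layout follows the AMF0 specification, and the mapping of AMF0 markers to the HX_FLV_META_AMF_TYPE_* names is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Type markers from the AMF0 specification; mapping them to the page's
 * HX_FLV_META_AMF_TYPE_* names is an assumption. */
#define AMF0_ECMA_ARRAY   0x08u /* assumed: ..._MIXEDARRAY */
#define AMF0_STRICT_ARRAY 0x0Au /* assumed: ..._ARRAY */

typedef struct { uint8_t marker; const uint8_t *value; } amf_slot; /* hypothetical */

/* Bug class: a file-supplied 32-bit count multiplied in 32-bit arithmetic
 * wraps, so the buffer is far smaller than the loop that fills it expects. */
uint32_t unchecked_alloc_size(uint32_t count, uint32_t elem_size)
{
    return count * elem_size;
}

/* Hardened header parse: returns 0 and a zeroed slot table on success,
 * -1 if the header is truncated, mistyped, or claims an impossible count. */
int parse_array_header(const uint8_t *buf, size_t len,
                       uint32_t *count_out, amf_slot **slots_out)
{
    if (len < 5 || (buf[0] != AMF0_ECMA_ARRAY && buf[0] != AMF0_STRICT_ARRAY))
        return -1;
    uint32_t count = ((uint32_t)buf[1] << 24) | ((uint32_t)buf[2] << 16) |
                     ((uint32_t)buf[3] << 8)  |  (uint32_t)buf[4];
    /* Every encoded element occupies at least one byte (its type marker),
     * so a count above the bytes left in the tag cannot be honest. */
    if (count > len - 5)
        return -1;
    /* Guard the multiplication itself, independent of the bound above. */
    if (count > SIZE_MAX / sizeof(amf_slot))
        return -1;
    amf_slot *slots = calloc(count ? count : 1, sizeof *slots);
    if (slots == NULL)
        return -1;
    *count_out = count;
    *slots_out = slots;
    return 0;
}

int main(void)
{
    /* Constructed input: strict array claiming 0x10000001 elements, 1 byte of data. */
    const uint8_t hostile[] = { 0x0A, 0x10, 0x00, 0x00, 0x01, 0x05 };
    uint32_t n = 0; amf_slot *slots = NULL;
    printf("wrapped size: %u\n", (unsigned)unchecked_alloc_size(0x10000001u, 16));
    printf("hostile header: %d\n", parse_array_header(hostile, sizeof hostile, &n, &slots));
    return 0;
}
```

The AMF0 count for an ECMA array is only a hint, so a production parser may prefer to clamp it to the remaining length rather than reject the tag.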
Impact
- Remote Code Execution
- Information Disclosure
System / Technologies affected
- RealPlayer SP version 1.1.4 and prior
- RealPlayer versions 11.x
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Upgrade to RealPlayer SP version 1.1.5.
Vulnerability Identifier
Source
Related Link