RealPlayer Multiple Vulnerabilities
Last Update Date:
18 Aug 2011 12:04
Release Date:
18 Aug 2011
6630
Views
RISK: High Risk
TYPE: Clients - Audio & Video
Multiple vulnerabilities have been identified in RealPlayer, which can be exploited by malicious people to compromise a user's system.
- A use-after-free error exists in pngu3267.dll within the handling of displayed dialog boxes when navigating away from a web page. This can be exploited to dereference already freed memory by tricking a user into visiting a specially crafted web page and e.g. display the "Copyrights" or "Version Info" dialog box via the "About RealPlayer" context menu or open the "About This Presentation" dialog box, which can allow execution of arbitrary code.
- An unspecified error related to SIPR, and a boundary error within the handling of certain ID3v2 tags in MP3 files and qcpfformat.dll when handling certain QCP media files can be exploited to cause a heap-based buffer overflow.
- The application allows the processing of local HTML files with scripting enabled, which can be exploited to execute arbitrary code by e.g. tricking a user into visiting a malicious website.
- An error within the handling of "DEFINEFONT" fields when parsing Flash files can be exploited to cause a memory corruption.
- An error within the parsing of AAC raw_data_frame elements can be exploited to cause a buffer overflow.
- An unspecified "Out of Bounds" error, and use-after-free error related to "Embedded AutoUpdate" and "Embedded Modal Dialog" exists within the RealPlayer ActiveX control, which can be exploited to execute arbitrary code.
Impact
- Remote Code Execution
System / Technologies affected
- RealPlayer 14.x
- RealPlayer Enterprise 2.x
- Mac RealPlayer 12.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Update to RealPlayer version 14.0.6 / Enterprise version 2.1.6 / Mac RealPlayer version 12.0.0.1701
http://service.real.com/realplayer/security/08162011_player/en/
Vulnerability Identifier
- CVE-2011-2945
- CVE-2011-2946
- CVE-2011-2947
- CVE-2011-2948
- CVE-2011-2949
- CVE-2011-2950
- CVE-2011-2951
- CVE-2011-2952
- CVE-2011-2953
- CVE-2011-2954
- CVE-2011-2955
Source
Related Link
Share with