RealPlayer Multiple Vulnerabilities
Last Update Date:
22 Nov 2011 14:26
Release Date:
22 Nov 2011
6026
Views
RISK: High Risk
TYPE: Clients - Audio & Video
Multiple vulnerabilities have been identified in RealPlayer, which can be exploited by malicious people to compromise a user's system. Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
- An unspecified error related to RealVideo rendering can be exploited to cause a heap-based buffer overflow.
- An unspecified error related to RealVideo rendering can be exploited to corrupt memory.
- An unspecified error related to the AAC Codec can be exploited to corrupt memory.
- An unspecified error exists within parsing of QCELP streams.
- An unspecified error exists within parsing of AAC files.
- An unspecified error exists related to indexes within RV30 encoded files.
- An unspecified error exists within parsing of the ATRC codec.
- An unspecified error exists related to sample size when parsing RealAudio files.
- An unspecified error exists related to sample height when parsing RV10 encoded files.
- An unspecified error exists when decoding RV20 encoded files.
- An unspecified error exists when handling RTSP SETUP requests.
- An unspecified error exists related to invalid codec names.
- An unspecified error exists related to an uninitialized index value within RV30 encoded files.
- An unspecified error exists when parsing the channel within the Cook codec.
- An unspecified error exists when parsing the MLTI chunk length within IVR files.
- An integer underflow error exists related to the MPG width.
- An unspecified error exists when parsing MP4 headers.
- An unspecified error related to MP4 video dimensions can be exploited to corrupt heap memory.
- An unspecified error exists when parsing MP4 files.
Impact
- Remote Code Execution
System / Technologies affected
- RealPlayer 14.x
- Mac RealPlayer 12.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Upgrade to RealPlayer version 15.0.0 or Mac RealPlayer version 12.0.0.1703
Vulnerability Identifier
- CVE-2011-4244
- CVE-2011-4245
- CVE-2011-4246
- CVE-2011-4247
- CVE-2011-4248
- CVE-2011-4249
- CVE-2011-4250
- CVE-2011-4251
- CVE-2011-4252
- CVE-2011-4253
- CVE-2011-4254
- CVE-2011-4255
- CVE-2011-4256
- CVE-2011-4257
- CVE-2011-4258
- CVE-2011-4259
- CVE-2011-4260
- CVE-2011-4261
- CVE-2011-4262
Source
Related Link
Share with