Skip to main content

RealPlayer Multiple Vulnerabilities

Last Update Date: 22 Nov 2011 14:26 Release Date: 22 Nov 2011 6077 Views

RISK: High Risk

TYPE: Clients - Audio & Video

TYPE: Audio & Video

Multiple vulnerabilities have been identified in RealPlayer, which can be exploited by malicious people to compromise a user's system.  Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

 

  1.     An unspecified error related to RealVideo rendering can be exploited to cause a heap-based buffer overflow.
  2.     An unspecified error related to RealVideo rendering can be exploited to corrupt memory.
  3.     An unspecified error related to the AAC Codec can be exploited to corrupt memory.
  4.     An unspecified error exists within parsing of QCELP streams.
  5.     An unspecified error exists within parsing of AAC files.
  6.     An unspecified error exists related to indexes within RV30 encoded files.
  7.     An unspecified error exists within parsing of the ATRC codec.
  8.     An unspecified error exists related to sample size when parsing RealAudio files.
  9.     An unspecified error exists related to sample height when parsing RV10 encoded files.
  10.     An unspecified error exists when decoding RV20 encoded files.
  11.     An unspecified error exists when handling RTSP SETUP requests.
  12.     An unspecified error exists related to invalid codec names.
  13.     An unspecified error exists related to an uninitialized index value within RV30 encoded files.
  14.     An unspecified error exists when parsing the channel within the Cook codec.
  15.     An unspecified error exists when parsing the MLTI chunk length within IVR files.
  16.     An integer underflow error exists related to the MPG width.
  17.     An unspecified error exists when parsing MP4 headers.
  18.     An unspecified error related to MP4 video dimensions can be exploited to corrupt heap memory.
  19.     An unspecified error exists when parsing MP4 files.

 


Impact

  • Remote Code Execution

System / Technologies affected

  • RealPlayer 14.x
  • Mac RealPlayer 12.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  •     Upgrade to RealPlayer version 15.0.0 or Mac RealPlayer version 12.0.0.1703
     

 


Vulnerability Identifier


Source


Related Link