RealNetworks RealPlayer Buffer Overflow Vulnerability (Windows) Network Vulnerability

Summary

This host is installed with RealPlayer which is prone to Buffer Overflow Vulnerability.

Impact

Successful exploitation allows remote attackers to compromise a vulnerable system by convincing a user to open a malicious media file or visit a specially crafted web page.

Solution

Upgrade to RealPlayer version 14.0.2 or later, For updates refer to http://www.real.com/player

Insight

The flaws are caused due, - a buffer overflow error in the 'vidplin.dll' module when processing malformed header data. - temporary files that store references to media files having predictable names. This can be exploited in combination with the 'OpenURLInPlayerBrowser()' method of a browser plugin to execute the file.

Affected

RealPlayer versions 11.0 through 11.1 RealPlayer SP versions 1.0 through 1.1.5 (12.x) RealPlayer versions 14.0.0 through 14.0.1

References

http://secunia.com/advisories/43098
http://service.real.com/realplayer/security/01272011_player/en/
http://www.vupen.com/english/advisories/2011/0240
http://xforce.iss.net/xforce/xfdb/64960

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4393, CVE-2011-0694
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Linux)
AIMP ID3 Tag Buffer Overflow Vulnerability
Cogent DataHub Unicode Buffer Overflow Vulnerability
Cscope Multiple Buffer Overflow vulnerability
Apache APR and APR-util Multiple Integer Overflow Vulnerabilities

Take action and discover your vulnerabilities