RealNetworks RealPlayer Multiple Code Execution Vulnerabilities (Linux) Network Vulnerability

Summary

This host is installed with RealPlayer which is prone to multiple code execution vulnerabilities.

Impact

Successful exploitation will let the attacker execute arbitrary codes within the context of the application and can cause heap overflow or allow remote code execution.

Solution

Upgrade to RealPlayer version 11.0.5 or later. For updates refer to http://www.real.com/player

Insight

Buffer overflow errors exists, when processing a malformed 'ASM Rulebook', 'GIF file', 'media file', 'IVR file', 'SIPR Codec', 'SMIL file','Skin', and 'set_parameter' method.

Affected

RealPlayer versions 10.x and prior Linux platforms.

References

http://secunia.com/advisories/38218
http://service.real.com/realplayer/security/01192010_player/en/
http://www.vupen.com/english/advisories/2010/0178
http://xforce.iss.net/xforce/xfdb/55794

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0375, CVE-2009-0376, CVE-2009-4241, CVE-2009-4242, CVE-2009-4243, CVE-2009-4244, CVE-2009-4245, CVE-2009-4246, CVE-2009-4247, CVE-2009-4248, CVE-2009-4257
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Reader 'Plug-in' Buffer Overflow Vulnerability (Linux)
BSPlayer Stack Overflow Vulnerability BLS
Adobe Flash Player Buffer Overflow Vulnerability (Windows)
Active Perl 'Perl_repeatcpy()' Function Buffer Overflow Vulnerability (Windows)
Apple iTunes 'itpc:' URI Buffer Overflow Vulnerability

Take action and discover your vulnerabilities