RealNetworks RealPlayer Multiple Vulnerabilities (Win) - Dec10

Summary
RealPlayer is installed on this host and is prone to multiple vulnerabilities.
Impact
Successful exploitation allows remote attackers to execute arbitrary code or cause a denial of service.
Solution
Upgrade to RealPlayer 14.0.1.609 (Build 12.0.1.609) or later. For updates, refer to http://www.real.com/player
Insight
The multiple flaws are due to:
- An error in the 'Cook' codec initialization function.
- Heap-based buffer overflow errors when parsing 'SIPR', 'AAC', 'RealMedia', 'RA5' and 'SOUND' files.
- Integer overflow in the handling of frame dimensions in a 'SIPR' stream.
- An uninitialized pointer vulnerability exists in the CDDA URI ActiveX Control.
- A stack-based buffer overflow in the RichFX component.
- Heap-based buffer overflow error via a crafted 'QCP' file.
- A parameter injection vulnerability in the RecordClip browser extension.
- rjrmrpln.dll does not properly validate file contents that are used during interaction with a heap buffer.
- Multiple heap-based buffer overflows in an ActiveX control allow remote attackers to execute arbitrary code via a long .smil argument to the tfile, pnmm, cdda protocol handler.
Affected
RealPlayer SP 1.0 to 1.1.4 (12.x)
RealNetworks RealPlayer SP 11.0 to 11.1 on Windows platform.
References