RealNetworks RealPlayer Multiple Vulnerabilities (Win) - Dec10 Network Vulnerability

Summary

This host is installed with RealPlayer which is prone to multiple vulnerabilities.

Impact

Successful exploitation allows remote attackers to execute arbitrary code or cause a denial of service.

Solution

Upgrade to RealPlayer 14.0.1.609 (Build 12.0.1.609) or later, For updates refer to http://www.real.com/player

Insight

The multiple flaws are due to, - Heap-based buffer overflow error when parsing a large Screen Width value in the Screen Descriptor header of a GIF87a file in an RTSP stream. - An integer overflow in the pnen3260.dll module allows remote attackers to execute arbitrary code via a crafted TIT2 atom in an AAC file.

Affected

RealPlayer SP 1.0 to 1.1.1 (12.x) RealNetworks RealPlayer SP 11.0 to 11.1 on Windows platform.

References

http://secunia.com/advisories/38550/
http://service.real.com/realplayer/security/12102010_player/en/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4376, CVE-2010-4397
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe AIR Code Execution and DoS Vulnerabilities Nov13 (Windows)
Adobe AIR Multiple Vulnerabilities(APSB14-24)-(Windows)
Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Mac OS X)
Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Mac OS X)
Adobe Acrobat and Reader 'printSeps()' Function Heap Corruption Vulnerability

Take action and discover your vulnerabilities