RealPlayer IVR Multiple Vulnerabilities Network Vulnerability

Summary

This host is running RealPlayer which is prone to IVR multiple vulnerabilities.

Impact

Successful exploitation will let the attacker execute arbitrary codes within the context of the application and can cause heap overflow or cause remote code execution to the application.

Solution

Upgrage to the latest version, For updates refer to http://www.real.com/player

Insight

- Memory corruption while the application processes crafted arbitrary 'IVR' file. - A vulnerability that allows an attacker to write one null byte to an arbitrary memory address by using an overly long file name length value.

Affected

RealPlayer 11.0.0.477 and prior on all Windows platforms.

References

http://en.securitylab.ru/nvd/367866.php
http://en.securitylab.ru/nvd/367867.php
http://www.fortiguardcenter.com/advisory/FGA-2009-04.html
http://www.securityfocus.com/archive/1/archive/1/500722/100/0/threaded

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0375, CVE-2009-0376
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Shockwave Player 3D Model Buffer Overflow Vulnerabilities
BSPlayer Stack Overflow Vulnerability BLS
Anzio Web Print Object ActiveX Control Remote BOF Vulnerability
Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
Asterisk HTTP Manager Buffer Overflow Vulnerability

Take action and discover your vulnerabilities