icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Real Networks RealPlayer < RealPlayer SP 1.0.5 Multiple Vulnerabilities

Medium

Synopsis

The remote host is running an application that is vulnerable to multiple attack vectors.

Description

The remote host is running a version of RealPlayer earlier than RealPlayer SP 1.0.5. Such versions are potentially affected by multiple vulnerabilities :

- A RealPlayer 'ASM' Rulebook heap-based buffer overflow. (CVE-2009-4241)

- A RealPlayer 'GIF' file heap overflow. (CVE-2009-4242)

- A RealPlayer media overflow (http chunck encoding). (CVE-2009-4243)

- A RealPlayer 'IVR' file processing buffer overflow. (CVE-2009-0375)

- A RealPlayer 'IVR' file heap overflow. (CVE-2009-0376)

- A RealPlayer 'SIPR' codec heap overflow. (CVE-2009-4244)

- A RealPlayer compressed 'GIF' heap overflow. (CVE-2009-4245)

- A RealPlayer 'SMIL' parsing heap overflow. (CVE-2009-4257)

- A RealPlayer skin parsing stack overflow. (CVE-2009-4246)

- A RealPlayer 'ASM' RuleBook array overflow. (CVE-2009-4247)

- A RealPlayer 'rtsp' 'set_parameter' buffer overflow. (CVE-2009-4248)

Note that different versions are affected by different vulnerabilities.

Solution

Upgrade to RealPlayer SP 1.0.5 or later.