Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Real Networks RealPlayer < RealPlayer SP 1.0.5 Multiple Vulnerabilities

Medium

Synopsis

The remote host is running an application that is vulnerable to multiple attack vectors.

Description

The remote host is running a version of RealPlayer earlier than RealPlayer SP 1.0.5. Such versions are potentially affected by multiple vulnerabilities :

- A RealPlayer 'ASM' Rulebook heap-based buffer overflow. (CVE-2009-4241)

- A RealPlayer 'GIF' file heap overflow. (CVE-2009-4242)

- A RealPlayer media overflow (http chunck encoding). (CVE-2009-4243)

- A RealPlayer 'IVR' file processing buffer overflow. (CVE-2009-0375)

- A RealPlayer 'IVR' file heap overflow. (CVE-2009-0376)

- A RealPlayer 'SIPR' codec heap overflow. (CVE-2009-4244)

- A RealPlayer compressed 'GIF' heap overflow. (CVE-2009-4245)

- A RealPlayer 'SMIL' parsing heap overflow. (CVE-2009-4257)

- A RealPlayer skin parsing stack overflow. (CVE-2009-4246)

- A RealPlayer 'ASM' RuleBook array overflow. (CVE-2009-4247)

- A RealPlayer 'rtsp' 'set_parameter' buffer overflow. (CVE-2009-4248)

Note that different versions are affected by different vulnerabilities.

Solution

Upgrade to RealPlayer SP 1.0.5 or later.