icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Real Networks RealPlayer < 14.0.1.609 (Build 12.0.1.609) Multiple Vulnerabilities

Medium

Synopsis

The remote host is running an application that is vulnerable to multiple attack vectors.

Description

The remote host is running RealPlayer, a multi-media application.

RealPlayer builds earlier than 12.0.1.609 are potentially affected by vulnerabilities :

- An uncontrolled array index vulnerability exists in RealMedia media properties. (CVE-2010-4384)

- A heap overflow vulnerability exists in multi-rate audio handling. (CVE-2010-4375)

- A heap corruption vulnerability exists in the SMIL file format StreamTitle. (CVE-2010-2997)

- An integer overflow exists in AAC MLLT Atom parsing. (CVE-2010-2999)

- An integer overflow exists in AAC TIT2 Atom parsing. (CVE-2010-4397)

- A heap overflow vulnerability exists in RTSP GIF parsing. (CVE-2010-4376)

- A heap corruption vulnerability exist in the Cook Audio Codec. (CVE-2010-4377)

- A heap corruption vulnerability exists in RV20 parsing. (CVE-2010-4378)

- An error exists in the Cook codec initialization function. (CVE-2010-0121)

- A memory access vulnerability exists in the Cook codec relating to an uninitialized number of channels. (CVE-2010-2579)

- An unspecified vulnerability exists in AAC spectral data parsing. (CVE-2010-0125)

- A heap overflow vulnerability exists in SIPR. (CVE-2010-4379)

- A heap overflow exists in SOUND. (CVE-2010-4380)

- A heap overflow exists in AAC. (CVE-2010-4381)

- Multiple heap overflow vulnerabilities in RealMedia. (CVE-2010-4382)

- A heap overflow vulnerability in RA5. (CVE-2010-4383)

- An integer overflow in SIPR stream frame dimensions. (CVE-2010-4385)

- RealMedia Memory heap corruption. (CVE-2010-4386)

- A memory corruption vulnerability in the RealAudio codec. (CVE-2010-4387)

- A cross-zone scripting vulnerability in the ActiveX HandleAction Method. (CVE-2010-4396)

- A cross domain scripting vulnerability is exploitable via local HTML files. (CVE-2010-4388)

- A heap overflow vulnerability exists in the Cook codec initialization buffer index.(CVE-2010-4389)

- A heap overflow vulnerability exists in the IVR file header. (CVE-2010-4390)

- A heap overflow vulnerability exists in the RMX header. (CVE-2010-4391)

- A heap overflow vulnerability exists in ImageMap. (CVE-2010-4392)

- A heap overflow vulnerability exists in RealPix server header. (CVE-2010-4394)

- A heap overflow exists in the Advanced audio coding. (CVE-2010-4395)

Solution

Upgrade to RealPlayer 14.0.1.609 (Build 12.0.1.609) or later.