RealPlayer for Windows < Build 12.0.0.319 Multiple Buffer Overflows

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows application is affected by multiple buffer
overflow vulnerabilities.

Description :

According to its build number, the installed version of RealPlayer on
the remote Windows host has multiple buffer overflow vulnerabilities :

- A RealPlayer 'ASM' Rulebook heap-based overflow.
(CVE-2009-4241)

- A RealPlayer 'GIF' file heap overflow. (CVE-2009-4242)

- A RealPlayer media overflow ('http' chunk encoding).
(CVE-2009-4243)

- A RealPlayer 'IVR' file processing buffer overflow.
(CVE-2009-0375)

- A RealPlayer 'IVR' file heap overflow. (CVE-2009-0376)

- A RealPlayer 'SIPR' codec heap overflow. (CVE-2009-4244)

- A RealPlayer compressed 'GIF' heap overflow.
(CVE-2009-4245)

- A RealPlayer 'SMIL' parsing heap overflow.
(CVE-2009-4257)

- A RealPlayer skin parsing stack overflow.
(CVE-2009-4246)

- A RealPlayer 'ASM' RuleBook Array Overflow.
(CVE-2009-4247)

- A RealPlayer 'rtsp' set_parameter buffer overflow.
(CVE-2009-4248)

See also :

http://www.securityfocus.com/archive/1/509100/30/0/threaded
http://www.securityfocus.com/archive/1/509096/30/0/threaded
http://www.securityfocus.com/archive/1/509105/30/0/threaded
http://www.securityfocus.com/archive/1/509098/30/0/threaded
http://www.securityfocus.com/archive/1/509104/30/0/threaded
http://www.securityfocus.com/archive/1/509286/30/0/threaded
http://www.securityfocus.com/archive/1/509288/30/0/threaded
http://www.securityfocus.com/archive/1/509293/30/0/threaded
http://service.real.com/realplayer/security/01192010_player/en/

Solution :

Upgrade to RealPlayer SP 1.0.2 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now