RealPlayer for Windows < Build 12.0.1.609 Multiple Vulnerabilities

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

An application on the remote Windows host is affected by multiple
vulnerabilities.

Description :

According to its build number, the installed version of RealPlayer on
the remote Windows host is affected by multiple vulnerabilities:

- An error in the 'Cook' codec initialization function
can be used to access uninitialized memory.
(CVE-2010-0121)

- Freed pointer access in the handling of the 'Stream
Title' tag in a SHOUTcast stream using the ICY protocol.
(CVE-2010-2997)

- An integer overflow error exists when handling a
malformed 'MLLT atom' in an AAC file. (CVE-2010-2999)

- Heap-based buffer overflow when handling multi-rate
audio streams. (CVE-2010-4375)

- Heap-based buffer overflow when parsing GIF87a files
with large 'Screen Width' values in the 'Screen
Descriptor' header over RTSP. (CVE-2010-4376)

- Heap-based buffer overflow when parsing 'Cook' codec
information in a Real Audio file with many subbands.
(CVE-2010-4377)

- Memory corruption when parsing an 'RV20' video stream.
(CVE-2010-4378)

- Heap-based buffer overflow when parsing 'AAC', 'IVR',
'RealMedia', 'RA5', 'RealPix', 'SIPR' and 'SOUND' files.
(CVE-2010-0125, CVE-2010-4379, CVE-2010-4380,
CVE-2010-4381, CVE-2010-4382, CVE-2010-4383,
CVE-2010-4384, CVE-2010-4386, CVE-2010-4387,
CVE-2010-4390, CVE-2010-4391, CVE-2010-4392)

- Integer overflow in the handling of frame dimensions in
a 'SIPR' stream. (CVE-2010-4385)

- An input validation error in the 'pnen3260.dll' module
can allow arbitrary code execution via a crafted 'TIT2
atom' in an AAC file. (CVE-2010-4397)

- Heap-based buffer overflow in the 'Cook' codec handling
functions. (CVE-2010-2579, CVE-2010-4389)

- Heap-based buffer overflow in the decoding portion of
the 'Advanced Audio Coding' compression implementation.
(CVE-2010-4395)

- Cross-site scripting in ActiveX control and several
HTML files. (CVE-2010-4396, CVE-2010-4388)

See also :

http://www.zerodayinitiative.com/advisories/ZDI-10-266/
http://www.zerodayinitiative.com/advisories/ZDI-10-267/
http://www.zerodayinitiative.com/advisories/ZDI-10-268/
http://www.zerodayinitiative.com/advisories/ZDI-10-269/
http://www.zerodayinitiative.com/advisories/ZDI-10-270/
http://www.zerodayinitiative.com/advisories/ZDI-10-271/
http://www.zerodayinitiative.com/advisories/ZDI-10-272/
http://www.zerodayinitiative.com/advisories/ZDI-10-273/
http://www.zerodayinitiative.com/advisories/ZDI-10-274/
http://www.zerodayinitiative.com/advisories/ZDI-10-275/
http://www.zerodayinitiative.com/advisories/ZDI-10-276/
http://www.zerodayinitiative.com/advisories/ZDI-10-277/
http://www.zerodayinitiative.com/advisories/ZDI-10-278/
http://www.zerodayinitiative.com/advisories/ZDI-10-279/
http://www.zerodayinitiative.com/advisories/ZDI-10-280/
http://www.zerodayinitiative.com/advisories/ZDI-10-281/
http://www.zerodayinitiative.com/advisories/ZDI-10-282/

Solution :

Upgrade to RealPlayer 14.0.1.609 (Build 12.0.1.609) or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false