RealPlayer for Windows < 15.0.0 Multiple Vulnerabilities

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

A multimedia application on the remote Windows host is affected by
multiple vulnerabilities.

Description :

According to its build number, the installed version of RealPlayer on
the remote Windows host is earlier than 15.0.0. As such, it is
affected by multiple vulnerabilities :

- A heap-based buffer overflow exists in the 'RealVideo'
renderer. (CVE-2011-4244)

- Memory corruption errors exist in the 'RealVideo'
renderer and the 'AAC' codec. (CVE-2011-4245,
CVE-2011-4246)

- Remote code execution is possible due to errors related
to 'QCELP' parsing. (CVE-2011-4247)

- Remote code execution is possible due to errors related
to 'AAC' file parsing. (CVE-2011-4248)

- Remote code execution is possible due to errors related
to improper handling of indexes in 'RV30' encoded files.
(CVE-2011-4249)

- Remote code execution is possible due to errors related
to 'ATRC' file parsing. (CVE-2011-4250)

- Remote code execution is possible due to errors related
to 'RealAudio' 'Sample Size' parsing. (CVE-2011-4251)

- Remote code execution is possible due to errors related
to 'RV10' decoding. (CVE-2011-4252)

- Remote code execution is possible due to errors related
to 'RV20' decoding. (CVE-2011-4253)

- Remote code execution is possible due to errors related
to 'RTSP' 'SETUP' requests. (CVE-2011-4254)

- Remote code execution is possible due to errors related
to improper handling of invalid codec names.
(CVE-2011-4255)

- Remote code execution is possible due to errors related
to uninitialized indexes in 'RV30' files.
(CVE-2011-4256)

- Remote code execution is possible due to errors related
to 'Cook' codec channel parsing. (CVE-2011-4257)

- Remote code execution is possible due to errors related
to 'IVR MLTI' chunk length parsing. (CVE-2011-4258)

- An integer underflow error exists related to 'MPG'
width handling. (CVE-2011-4259)

- Remote code execution is possible due to errors related
to improper handling of malformed 'MP4' headers and
parsing of 'MP4' files in general.
(CVE-2011-4260, CVE-2011-4262)

- A heap corruption error exists related to improper
handling of 'MP4' video dimensions. (CVE-2011-4261)

See also :

http://zerodayinitiative.com/advisories/ZDI-11-331
http://zerodayinitiative.com/advisories/ZDI-11-332
http://zerodayinitiative.com/advisories/ZDI-11-333
http://zerodayinitiative.com/advisories/ZDI-11-334
http://zerodayinitiative.com/advisories/ZDI-11-335
http://zerodayinitiative.com/advisories/ZDI-11-336
http://zerodayinitiative.com/advisories/ZDI-11-337
http://zerodayinitiative.com/advisories/ZDI-11-338
http://zerodayinitiative.com/advisories/ZDI-12-046
http://zerodayinitiative.com/advisories/ZDI-12-050
http://zerodayinitiative.com/advisories/ZDI-12-051
http://zerodayinitiative.com/advisories/ZDI-12-053/
http://zerodayinitiative.com/advisories/ZDI-12-085/
http://zerodayinitiative.com/advisories/ZDI-12-087/
http://zerodayinitiative.com/advisories/ZDI-12-092/
http://seclists.org/fulldisclosure/2012/Jun/73
http://seclists.org/fulldisclosure/2012/Jun/75
http://www.securityfocus.com/archive/1/523067/30/0/threaded
http://service.real.com/realplayer/security/11182011_player/en/

Solution :

Upgrade to RealPlayer 15.0.0 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true