RealPlayer for Windows < Build 22.214.171.1249 Multiple Vulnerabilities
Critical Nessus Plugin ID 50612
SynopsisAn application on the remote Windows host is affected by multiple vulnerabilities.
DescriptionAccording to its build number, the installed version of RealPlayer on the remote Windows host is affected by multiple vulnerabilities:
- An error in the 'Cook' codec initialization function and can be used to access uninitialized memory. (CVE-2010-0121)
- Freed pointer access in the handling of the 'Stream Title' tag in a SHOUTcast stream using the ICY protocol.
- An integer overflow error exists when handling a malformed 'MLLT atom' in an AAC file. (CVE-2010-2999)
- Heap-based buffer overflow when handling of multi-rate audio streams. (CVE-2010-4375)
- Heap-based buffer overflow when parsing GIF87a files with large 'Screen Width' values in the 'Screen Descriptor' header over RTSP. (CVE-2010-4376)
- Heap-based buffer overflow when parsing of 'Cook' codec information in a Real Audio file with many subbands.
- Memory corruption in parsing of a 'RV20' video stream.
- Heap-based buffer overflow when parsing 'AAC', 'IVR', 'RealMedia', 'RA5', 'RealPix', 'SIPR' and 'SOUND' files.
(CVE-2010-0125, CVE-2010-4379, CVE-2010-4380, CVE-2010-4381, CVE-2010-4382, CVE-2010-4383, CVE-2010-4384, CVE-2010-4386, CVE-2010-4387, CVE-2010-4390, CVE-2010-4391, CVE-2010-4392)
- Integer overflow in the handling of frame dimensions in a 'SIPR' stream. (CVE-2010-4385)
- An input validation error in the 'pnen3260.dll' module can allow arbitrary code execution via a crafted 'TIT2 atom' in an AAC file. (CVE-2010-4397)
- Heap-based buffer overflow in the 'Cook' codec handling functions. (CVE-2010-2579, CVE-2010-4389)
- Heap-based buffer overflow in the decoding portion of the 'Advanced Audio Coding' compression implementation. (CVE-2010-4395)
- Cross-site scripting in ActiveX control and several HTML files. (CVE-2010-4396, CVE-2010-4388)
SolutionUpgrade to RealPlayer 126.96.36.1999 (Build 188.8.131.529) or later.