Real Networks RealPlayer SP < 1.1.5 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 5650
SynopsisThe remote host is running an application that is vulnerable to multiple attack vectors.
DescriptionThe remote host is running RealPlayer, a multi-media application.
RealPlayer SP builds earlier than 184.108.40.2069 are potentially affected by multiple vulnerabilities :
- A RealPlayer malformed 'IVR' pointer index code execution vulnerability exists. (CVE-2010-2996, CVE-2010-2998)
A RealPlayerActiveX unauthorized file access vulnerability exists. (CVE-2010-3002)
A RealPlayer 'QCP' file parsing integer overflow vulnerability exists. (CVE-2010-0116)
A vulnerability exists in the way RealPlayer processes the dimensions in the 'YUV420' transformation of 'MP4' content. (CVE-2010-0117)
A heap-based buffer overflow vulnerability exists in RealPlayer's 'QCP' parsing. (CVE-20010-0120)
A vulnerability exists in the ActiveX IE plugin relating to the opening of multiple browser windows. (CVE-2010-3001)
- An uninitialized pointer vulnerability exists in the CDDA URI ActiveX Control. (CVE-2010-3747) - A remote code execution vulnerability exists in RJMDSections. (CVE-210-3750) - A RealPlayer 'QCP' parsing heap-based buffer overflow vulnerability exists. (CVE-2010-2578)
- A remote code execution issue exists in multiple protocol handlers for the RealPlayer ActiveX control. (CVE-2010-3751)
- A stack overflow vulnerability exists in the RichFX component. (CVE-2010-3748)
- A paramenter injection vulnerability exists in the RecordClip browser extension. (CVE-2010-3749)
SolutionUpgrade to RealPlayer SP 1.1.5 or later.