
Real Networks RealPlayer SP < 1.1.5 Multiple Vulnerabilities

High

Synopsis

The remote host is running an application that is vulnerable to multiple attack vectors.

Description

The remote host is running RealPlayer, a multi-media application.

RealPlayer SP builds earlier than 12.0.0.879 are potentially affected by multiple vulnerabilities:

- A RealPlayer malformed 'IVR' pointer index code execution vulnerability exists. (CVE-2010-2996, CVE-2010-2998)

- A RealPlayer ActiveX unauthorized file access vulnerability exists. (CVE-2010-3002)

- A RealPlayer 'QCP' file parsing integer overflow vulnerability exists. (CVE-2010-0116)

- A vulnerability exists in the way RealPlayer processes the dimensions in the 'YUV420' transformation of 'MP4' content. (CVE-2010-0117)

- A heap-based buffer overflow vulnerability exists in RealPlayer's 'QCP' parsing. (CVE-2010-0120)

- A vulnerability exists in the ActiveX IE plugin relating to the opening of multiple browser windows. (CVE-2010-3001)

- An uninitialized pointer vulnerability exists in the CDDA URI ActiveX Control. (CVE-2010-3747)

- A remote code execution vulnerability exists in RJMDSections. (CVE-2010-3750)

- A RealPlayer 'QCP' parsing heap-based buffer overflow vulnerability exists. (CVE-2010-2578)

- A remote code execution issue exists in multiple protocol handlers for the RealPlayer ActiveX control. (CVE-2010-3751)

- A stack overflow vulnerability exists in the RichFX component. (CVE-2010-3748)

- A parameter injection vulnerability exists in the RecordClip browser extension. (CVE-2010-3749)

Solution

Upgrade to RealPlayer SP 1.1.5 or later.