
Real Networks RealPlayer < 14.0.1.609 (Build 12.0.1.609) Multiple Vulnerabilities

Medium

Synopsis

The remote host is running an application that is vulnerable to multiple attack vectors.

Description

The remote host is running RealPlayer, a multi-media application.

RealPlayer builds earlier than 12.0.1.609 are potentially affected by multiple vulnerabilities:

- An uncontrolled array index vulnerability exists in RealMedia media properties. (CVE-2010-4384)

- A heap overflow vulnerability exists in multi-rate audio handling. (CVE-2010-4375)

- A heap corruption vulnerability exists in the SMIL file format StreamTitle. (CVE-2010-2997)

- An integer overflow exists in AAC MLLT Atom parsing. (CVE-2010-2999)

- An integer overflow exists in AAC TIT2 Atom parsing. (CVE-2010-4397)

- A heap overflow vulnerability exists in RTSP GIF parsing. (CVE-2010-4376)

- A heap corruption vulnerability exists in the Cook Audio Codec. (CVE-2010-4377)

- A heap corruption vulnerability exists in RV20 parsing. (CVE-2010-4378)

- An error exists in the Cook codec initialization function. (CVE-2010-0121)

- A memory access vulnerability exists in the Cook codec relating to an uninitialized number of channels. (CVE-2010-2579)

- An unspecified vulnerability exists in AAC spectral data parsing. (CVE-2010-0125)

- A heap overflow vulnerability exists in SIPR. (CVE-2010-4379)

- A heap overflow exists in SOUND. (CVE-2010-4380)

- A heap overflow exists in AAC. (CVE-2010-4381)

- Multiple heap overflow vulnerabilities in RealMedia. (CVE-2010-4382)

- A heap overflow vulnerability in RA5. (CVE-2010-4383)

- An integer overflow in SIPR stream frame dimensions. (CVE-2010-4385)

- RealMedia Memory heap corruption. (CVE-2010-4386)

- A memory corruption vulnerability in the RealAudio codec. (CVE-2010-4387)

- A cross-zone scripting vulnerability in the ActiveX HandleAction Method. (CVE-2010-4396)

- A cross domain scripting vulnerability is exploitable via local HTML files. (CVE-2010-4388)

- A heap overflow vulnerability exists in the Cook codec initialization buffer index. (CVE-2010-4389)

- A heap overflow vulnerability exists in the IVR file header. (CVE-2010-4390)

- A heap overflow vulnerability exists in the RMX header. (CVE-2010-4391)

- A heap overflow vulnerability exists in ImageMap. (CVE-2010-4392)

- A heap overflow vulnerability exists in RealPix server header. (CVE-2010-4394)

- A heap overflow exists in Advanced Audio Coding. (CVE-2010-4395)

Solution

Upgrade to RealPlayer 14.0.1.609 (Build 12.0.1.609) or later.