 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.801749 |
| Kategorie: | Buffer overflow |
| Titel: | RealNetworks RealPlayer Buffer Overflow Vulnerability - Windows |
| Zusammenfassung: | RealPlayer is prone to a buffer overflow vulnerability. |
| Beschreibung: | Summary: RealPlayer is prone to a buffer overflow vulnerability. Vulnerability Insight: The flaws are caused due, - a buffer overflow error in the 'vidplin.dll' module when processing malformed header data. - temporary files that store references to media files having predictable names. This can be exploited in combination with the 'OpenURLInPlayerBrowser()' method of a browser plugin to execute the file. Vulnerability Impact: Successful exploitation allows remote attackers to compromise a vulnerable system by convincing a user to open a malicious media file or visit a specially crafted web page. Affected Software/OS: RealPlayer versions 11.0 through 11.1 RealPlayer SP versions 1.0 through 1.1.5 (12.x) RealPlayer versions 14.0.0 through 14.0.1. Solution: Upgrade to RealPlayer version 14.0.2 or later. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-4393 BugTraq ID: 46047 http://www.securityfocus.com/bid/46047 http://www.zerodayinitiative.com/advisories/ZDI-11-033/ http://osvdb.org/70682 http://securitytracker.com/id?1024998 http://secunia.com/advisories/43098 http://www.vupen.com/english/advisories/2011/0240 XForce ISS Database: realplayer-avi-bo(64960) https://exchange.xforce.ibmcloud.com/vulnerabilities/64960 Common Vulnerability Exposure (CVE) ID: CVE-2011-0694 Bugtraq: 20110208 ZDI-11-076: RealNetworks Real Player Predictable Temporary File Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/516318/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-11-076 http://osvdb.org/70849 http://www.securitytracker.com/id?1025058 http://secunia.com/advisories/43268 http://securityreason.com/securityalert/8098 |
| Copyright | Copyright (C) 2011 Greenbone AG |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |