Buffer overflow : RealPlayer IVR Multiple Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.800509

Categoría: Buffer overflow

Título: RealPlayer IVR Multiple Vulnerabilities

Resumen: RealPlayer is prone to IVR multiple vulnerabilities.

Descripción: Summary:
RealPlayer is prone to IVR multiple vulnerabilities.

Vulnerability Insight:
- Memory corruption while the application processes crafted arbitrary
'IVR' file.

- A vulnerability that allows an attacker to write one null byte to an
arbitrary memory address by using an overly long file name length value.

Vulnerability Impact:
Successful exploitation will let the attacker execute arbitrary
codes within the context of the application and can cause heap overflow
or cause remote code execution to the application.

Affected Software/OS:
RealPlayer 11.0.0.477 and prior on all Windows platforms.

Solution:
Upgrage to the latest version.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-0375
BugTraq ID: 33652
http://www.securityfocus.com/bid/33652
Bugtraq: 20090206 RealNetworks RealPlayer IVR File Processing Multiple Code Execute Vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/500722/100/0/threaded
http://www.fortiguardcenter.com/advisory/FGA-2009-04.html
http://secunia.com/advisories/33810
http://secunia.com/advisories/38218
http://www.vupen.com/english/advisories/2010/0178
XForce ISS Database: realplayer-ivr-bo(48567)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48567
Common Vulnerability Exposure (CVE) ID: CVE-2009-0376
Bugtraq: 20100121 ZDI-10-009: RealNetworks RealPlayer IVR Format Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/509097/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-10-009/
XForce ISS Database: realplayer-ivr-code-execution(48568)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48568

Copyright Copyright (C) 2009 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.800509
Categoría:	Buffer overflow
Título:	RealPlayer IVR Multiple Vulnerabilities
Resumen:	RealPlayer is prone to IVR multiple vulnerabilities.
Descripción:	Summary: RealPlayer is prone to IVR multiple vulnerabilities. Vulnerability Insight: - Memory corruption while the application processes crafted arbitrary 'IVR' file. - A vulnerability that allows an attacker to write one null byte to an arbitrary memory address by using an overly long file name length value. Vulnerability Impact: Successful exploitation will let the attacker execute arbitrary codes within the context of the application and can cause heap overflow or cause remote code execution to the application. Affected Software/OS: RealPlayer 11.0.0.477 and prior on all Windows platforms. Solution: Upgrage to the latest version. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0375 BugTraq ID: 33652 http://www.securityfocus.com/bid/33652 Bugtraq: 20090206 RealNetworks RealPlayer IVR File Processing Multiple Code Execute Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/500722/100/0/threaded http://www.fortiguardcenter.com/advisory/FGA-2009-04.html http://secunia.com/advisories/33810 http://secunia.com/advisories/38218 http://www.vupen.com/english/advisories/2010/0178 XForce ISS Database: realplayer-ivr-bo(48567) https://exchange.xforce.ibmcloud.com/vulnerabilities/48567 Common Vulnerability Exposure (CVE) ID: CVE-2009-0376 Bugtraq: 20100121 ZDI-10-009: RealNetworks RealPlayer IVR Format Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/509097/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-10-009/ XForce ISS Database: realplayer-ivr-code-execution(48568) https://exchange.xforce.ibmcloud.com/vulnerabilities/48568
Copyright	Copyright (C) 2009 Greenbone AG