
Test ID: 1.3.6.1.4.1.25623.1.0.801749
Category: Buffer overflow
Title: RealNetworks RealPlayer Buffer Overflow Vulnerability - Windows
Summary: RealPlayer is prone to a buffer overflow vulnerability.
Description: Summary:
RealPlayer is prone to a buffer overflow vulnerability.

Vulnerability Insight:
The flaws are caused by:

- a buffer overflow error in the 'vidplin.dll' module when processing
malformed header data.

- temporary files that store references to media files having predictable
names. This can be exploited in combination with the
'OpenURLInPlayerBrowser()' method of a browser plugin to execute the file.

Vulnerability Impact:
Successful exploitation allows remote attackers to compromise a
vulnerable system by convincing a user to open a malicious media file or
visit a specially crafted web page.

Affected Software/OS:
RealPlayer versions 11.0 through 11.1

RealPlayer SP versions 1.0 through 1.1.5 (12.x)

RealPlayer versions 14.0.0 through 14.0.1.

Solution:
Upgrade to RealPlayer version 14.0.2 or later.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2010-4393
BugTraq ID: 46047
http://www.securityfocus.com/bid/46047
http://www.zerodayinitiative.com/advisories/ZDI-11-033/
http://osvdb.org/70682
http://securitytracker.com/id?1024998
http://secunia.com/advisories/43098
http://www.vupen.com/english/advisories/2011/0240
XForce ISS Database: realplayer-avi-bo(64960)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64960
Common Vulnerability Exposure (CVE) ID: CVE-2011-0694
Bugtraq: 20110208 ZDI-11-076: RealNetworks Real Player Predictable Temporary File Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/516318/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-11-076
http://osvdb.org/70849
http://www.securitytracker.com/id?1025058
http://secunia.com/advisories/43268
http://securityreason.com/securityalert/8098
Copyright: Copyright (C) 2011 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.