Buffer overflow : RealNetworks RealPlayer Multiple Code Execution Vulnerabilities (Linux)

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.902108
Category:	Buffer overflow
Title:	RealNetworks RealPlayer Multiple Code Execution Vulnerabilities (Linux)
Summary:	Check for the version of RealPlayer
Description:	Overview: This host is installed with RealPlayer which is prone to multiple code execution vulnerabilities. Vulnerability Insight: Buffer overflow errors exists, when processing a malformed 'ASM Rulebook', 'GIF file', 'media file', 'IVR file', 'SIPR Codec', 'SMIL file','Skin', and 'set_parameter' method. Impact: Successful exploitation will let the attacker execute arbitrary codes within the context of the application and can cause heap overflow or allow remote code execution. Affected Software/OS: RealPlayer versions 10.x and prior Linux platforms. Fix: Upgrade to RealPlayer version 11.0.5 or later. For updates refer to http://www.real.com/player References: http://secunia.com/advisories/38218 http://xforce.iss.net/xforce/xfdb/55794 http://www.vupen.com/english/advisories/2010/0178 http://service.real.com/realplayer/security/01192010_player/en/
Cross-Ref:	BugTraq ID: 33652 BugTraq ID: 37880 Common Vulnerability Exposure (CVE) ID: CVE-2009-0375 Bugtraq: 20090206 RealNetworks RealPlayer IVR File Processing Multiple Code Execute Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/archive/1/500722/100/0/threaded http://www.fortiguardcenter.com/advisory/FGA-2009-04.html http://www.securityfocus.com/bid/33652 http://secunia.com/advisories/33810 http://secunia.com/advisories/38218 http://www.vupen.com/english/advisories/2010/0178 XForce ISS Database: realplayer-ivr-bo(48567) http://xforce.iss.net/xforce/xfdb/48567 Common Vulnerability Exposure (CVE) ID: CVE-2009-0376 Bugtraq: 20100121 ZDI-10-009: RealNetworks RealPlayer IVR Format Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/archive/1/509097/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-10-009/ XForce ISS Database: realplayer-ivr-code-execution(48568) http://xforce.iss.net/xforce/xfdb/48568 Common Vulnerability Exposure (CVE) ID: CVE-2009-4241 Bugtraq: 20100121 ZDI-10-005: RealNetworks RealPlayer ASMRulebook Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/archive/1/509100/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-10-005/ http://www.securityfocus.com/bid/37880 http://securitytracker.com/id?1023489 XForce ISS Database: realplayer-asmrulebook-bo(55794) http://xforce.iss.net/xforce/xfdb/55794 Common Vulnerability Exposure (CVE) ID: CVE-2009-4242 Bugtraq: 20100121 ZDI-10-006: RealNetworks RealPlayer GIF Handling Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/archive/1/509096/100/0/threaded http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-September/008633.html http://www.zerodayinitiative.com/advisories/ZDI-10-006/ http://www.redhat.com/support/errata/RHSA-2010-0094.html http://osvdb.org/61966 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10144 http://secunia.com/advisories/38450 XForce ISS Database: realplayer-gif-bo(55795) http://xforce.iss.net/xforce/xfdb/55795 Common Vulnerability Exposure (CVE) ID: CVE-2009-4243 http://osvdb.org/61967 XForce ISS Database: realplayer-httpchunk-bo(55796) http://xforce.iss.net/xforce/xfdb/55796 Common Vulnerability Exposure (CVE) ID: CVE-2009-4244 Bugtraq: 20100121 ZDI-10-008: RealNetworks RealPlayer SIPR Codec Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/archive/1/509098/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-10-008/ XForce ISS Database: realplayer-sipr-bo(55797) http://xforce.iss.net/xforce/xfdb/55797 Common Vulnerability Exposure (CVE) ID: CVE-2009-4245 http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html http://osvdb.org/61969 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9998 XForce ISS Database: realplayer-gifimage-bo(55800) http://xforce.iss.net/xforce/xfdb/55800 Common Vulnerability Exposure (CVE) ID: CVE-2009-4246 Bugtraq: 20100121 ZDI-10-010: RealNetworks RealPlayer Skin Parsing Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/archive/1/509104/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-10-010/ XForce ISS Database: realplayer-skin-bo(55799) http://xforce.iss.net/xforce/xfdb/55799 Common Vulnerability Exposure (CVE) ID: CVE-2009-4247 http://lists.helixcommunity.org/pipermail/helix-client-dev/2009-August/008092.html http://lists.helixcommunity.org/pipermail/protocol-cvs/2009-August/001943.html http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10677 XForce ISS Database: realplayer-rulebook-overflow(55802) http://xforce.iss.net/xforce/xfdb/55802 Common Vulnerability Exposure (CVE) ID: CVE-2009-4248 http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003756.html http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003759.html http://lists.helixcommunity.org/pipermail/client-dev/2008-January/004591.html http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10641 XForce ISS Database: realplayer-rtsp-setparameter-bo(55801) http://xforce.iss.net/xforce/xfdb/55801 Common Vulnerability Exposure (CVE) ID: CVE-2009-4257 Bugtraq: 20100121 ZDI-10-007: RealNetworks RealPlayer SMIL getAtom Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/archive/1/509105/100/0/threaded http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-September/008678.html http://www.zerodayinitiative.com/advisories/ZDI-10-007/ http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11110 XForce ISS Database: realnetworks-realplayer-smil-bo(55798) http://xforce.iss.net/xforce/xfdb/55798
Copyright	Copyright (C) 2010 Greenbone Networks GmbH