Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.66797
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2010:0094
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2010:0094.

HelixPlayer is a media player.

Multiple buffer and integer overflow flaws were found in the way
HelixPlayer processed Graphics Interchange Format (GIF) files. An attacker
could create a specially-crafted GIF file which would cause HelixPlayer to
crash or, potentially, execute arbitrary code when opened. (CVE-2009-4242,
CVE-2009-4245)

A buffer overflow flaw was found in the way HelixPlayer processed
Synchronized Multimedia Integration Language (SMIL) files. An attacker
could create a specially-crafted SMIL file which would cause HelixPlayer to
crash or, potentially, execute arbitrary code when opened. (CVE-2009-4257)

A buffer overflow flaw was found in the way HelixPlayer handled the Real
Time Streaming Protocol (RTSP) SET_PARAMETER directive. A malicious RTSP
server could use this flaw to crash HelixPlayer or, potentially, execute
arbitrary code. (CVE-2009-4248)

Multiple buffer overflow flaws were discovered in the way HelixPlayer
handled RuleBook structures in media files and RTSP streams.
Specially-crafted input could cause HelixPlayer to crash or, potentially,
execute arbitrary code. (CVE-2009-4247, CVE-2010-0417)

A buffer overflow flaw was found in the way HelixPlayer performed URL
un-escaping. A specially-crafted URL string could cause HelixPlayer to
crash or, potentially, execute arbitrary code. (CVE-2010-0416)

All HelixPlayer users are advised to upgrade to this updated package,
which contains backported patches to resolve these issues. All running
instances of HelixPlayer must be restarted for this update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0094.html
http://www.redhat.com/security/updates/classification/#critical

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-4242
BugTraq ID: 37880
http://www.securityfocus.com/bid/37880
Bugtraq: 20100121 ZDI-10-006: RealNetworks RealPlayer GIF Handling Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/509096/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-10-006/
http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-September/008633.html
http://osvdb.org/61966
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10144
http://www.redhat.com/support/errata/RHSA-2010-0094.html
http://securitytracker.com/id?1023489
http://secunia.com/advisories/38218
http://secunia.com/advisories/38450
http://www.vupen.com/english/advisories/2010/0178
XForce ISS Database: realplayer-gif-bo(55795)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55795
Common Vulnerability Exposure (CVE) ID: CVE-2009-4245
http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html
http://osvdb.org/61969
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998
XForce ISS Database: realplayer-gifimage-bo(55800)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55800
Common Vulnerability Exposure (CVE) ID: CVE-2009-4247
http://lists.helixcommunity.org/pipermail/helix-client-dev/2009-August/008092.html
http://lists.helixcommunity.org/pipermail/protocol-cvs/2009-August/001943.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10677
XForce ISS Database: realplayer-rulebook-overflow(55802)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55802
Common Vulnerability Exposure (CVE) ID: CVE-2009-4248
http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003756.html
http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003759.html
http://lists.helixcommunity.org/pipermail/client-dev/2008-January/004591.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10641
XForce ISS Database: realplayer-rtsp-setparameter-bo(55801)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55801
Common Vulnerability Exposure (CVE) ID: CVE-2009-4257
Bugtraq: 20100121 ZDI-10-007: RealNetworks RealPlayer SMIL getAtom Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/509105/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-10-007/
http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-September/008678.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11110
XForce ISS Database: realnetworks-realplayer-smil-bo(55798)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55798
Common Vulnerability Exposure (CVE) ID: CVE-2010-0416
http://lists.helixcommunity.org/pipermail/common-cvs/2007-July/014956.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10847
Common Vulnerability Exposure (CVE) ID: CVE-2010-0417
http://lists.helixcommunity.org/pipermail/common-cvs/2008-January/015484.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11364
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.