Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.801507
Category:General
Title:RealNetworks RealPlayer Multiple Vulnerabilities (Windows)
Summary:This host is installed with RealPlayer which is prone to multiple; vulnerabilities.
Description:Summary:
This host is installed with RealPlayer which is prone to multiple
vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to:

- An error in the handling of dimensions during 'YUV420'
transformations, which allows attackers to execute arbitrary code via
crafted MP4 content.

- An integer overflow error in the handling of crafted QCP file.

- A heap-based buffer overflow when handling large size values in 'QCP'
audio content.

- An integer overflows in the 'ParseKnownType()' function, which allows
attackers to execute arbitrary code via crafted 'HX_FLV_META_AMF_TYPE_MIXEDARRAY'
or 'HX_FLV_META_AMF_TYPE_ARRAY' data in an FLV file.

- An unspecified error in an ActiveX control in the Internet Explorer (IE)
plugin, has unknown impact and attack vectors related to
'multiple browser windows.'

Vulnerability Impact:
Successful exploitation will let the attacker execute arbitrary
codes within the context of the application and can cause heap overflow
or allow remote code execution.

Affected Software/OS:
RealPlayer SP 1.0 to 1.1.4 (12.x)
RealNetworks RealPlayer SP 11.0 to 11.1 on Windows platform.

Solution:
Upgrade to RealPlayer SP version 1.1.5.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: BugTraq ID: 42775
Common Vulnerability Exposure (CVE) ID: CVE-2010-0117
http://secunia.com/secunia_research/2010-5/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7169
http://www.securitytracker.com/id?1024370
http://secunia.com/advisories/41096
http://secunia.com/advisories/41154
http://www.vupen.com/english/advisories/2010/2216
XForce ISS Database: realplayer-yuv420-code-execution(61421)
https://exchange.xforce.ibmcloud.com/vulnerabilities/61421
Common Vulnerability Exposure (CVE) ID: CVE-2010-0116
http://secunia.com/secunia_research/2010-3/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7326
XForce ISS Database: realplayer-qcp-bo(61420)
https://exchange.xforce.ibmcloud.com/vulnerabilities/61420
Common Vulnerability Exposure (CVE) ID: CVE-2010-0120
http://secunia.com/secunia_research/2010-8/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6807
XForce ISS Database: realplayer-qcp-audio-bo(61422)
https://exchange.xforce.ibmcloud.com/vulnerabilities/61422
Common Vulnerability Exposure (CVE) ID: CVE-2010-3000
Bugtraq: 20100826 ZDI-10-167: RealNetworks RealPlayer FLV Parsing Multiple Integer Overflow Vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/513383/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-10-167
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6651
XForce ISS Database: realplayer-parseknowntype-code-exec(61423)
https://exchange.xforce.ibmcloud.com/vulnerabilities/61423
Common Vulnerability Exposure (CVE) ID: CVE-2010-3001
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7507
XForce ISS Database: Realplayer-activex-unspecified(61424)
https://exchange.xforce.ibmcloud.com/vulnerabilities/61424
CopyrightCopyright (C) 2010 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.