Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.801672 |
Category: | General |
Title: | RealNetworks RealPlayer Multiple Vulnerabilities (Windows) - Dec10 |
Summary: | This host is installed with RealPlayer which is prone to multiple; vulnerabilities. |
Description: | Summary: This host is installed with RealPlayer which is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - An error in the 'Cook' codec initialization function - Heap-based buffer overflow errors when parsing 'SIPR', 'AAC', 'RealMedia', 'RA5' and 'SOUND' files - Integer overflow in the handling of frame dimensions in a 'SIPR' stream - An uninitialized pointer vulnerability exists in the CDDA URI ActiveX Control. - A stack-based buffer overflow in the RichFX component. - Heap-based buffer overflow error via a crafted 'QCP' file. - A parameter injection vulnerability in the RecordClip browser extension. - rjrmrpln.dll does not properly validate file contents that are used during interaction with a heap buffer. - Multiple heap-based buffer overflows in an ActiveX control allow remote attackers to execute arbitrary code via a long .smil argument to the tfile, pnmm, cdda protocol handler. Vulnerability Impact: Successful exploitation allows remote attackers to execute arbitrary code or cause a denial of service. Affected Software/OS: RealPlayer SP 1.0 to 1.1.4 (12.x) RealNetworks RealPlayer SP 11.0 to 11.1 on Windows platform. Solution: Upgrade to RealPlayer 14.0.1.609 (Build 12.0.1.609) or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: |
BugTraq ID: 44144 Common Vulnerability Exposure (CVE) ID: CVE-2010-2579 http://www.securitytracker.com/id?1024861 Common Vulnerability Exposure (CVE) ID: CVE-2010-0125 Common Vulnerability Exposure (CVE) ID: CVE-2010-4379 http://www.redhat.com/support/errata/RHSA-2010-0981.html Common Vulnerability Exposure (CVE) ID: CVE-2010-4380 Common Vulnerability Exposure (CVE) ID: CVE-2010-4381 Common Vulnerability Exposure (CVE) ID: CVE-2010-4382 Common Vulnerability Exposure (CVE) ID: CVE-2010-4383 Common Vulnerability Exposure (CVE) ID: CVE-2010-4385 Common Vulnerability Exposure (CVE) ID: CVE-2010-4386 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=883 Common Vulnerability Exposure (CVE) ID: CVE-2010-4387 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=884 Common Vulnerability Exposure (CVE) ID: CVE-2010-3747 http://www.securityfocus.com/bid/44144 http://www.zerodayinitiative.com/advisories/ZDI-10-210/ http://securityreason.com/securityalert/8147 Common Vulnerability Exposure (CVE) ID: CVE-2010-3748 Common Vulnerability Exposure (CVE) ID: CVE-2010-3749 BugTraq ID: 44443 http://www.securityfocus.com/bid/44443 http://www.exploit-db.com/exploits/15991 http://www.zerodayinitiative.com/advisories/ZDI-10-211/ Common Vulnerability Exposure (CVE) ID: CVE-2010-3750 http://www.zerodayinitiative.com/advisories/ZDI-10-212/ Common Vulnerability Exposure (CVE) ID: CVE-2010-3751 http://www.zerodayinitiative.com/advisories/ZDI-10-213/ Common Vulnerability Exposure (CVE) ID: CVE-2010-2578 |
Copyright | Copyright (C) 2010 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |