RealPlayer for Windows < Build 12.0.1.609 Multiple Vulnerabilities

critical Nessus Plugin ID 50612

Synopsis

An application on the remote Windows host is affected by multiple vulnerabilities.

Description

According to its build number, the installed version of RealPlayer on the remote Windows host is affected by multiple vulnerabilities:

- An error in the 'Cook' codec initialization function can be used to access uninitialized memory. (CVE-2010-0121)

- Freed pointer access in the handling of the 'Stream Title' tag in a SHOUTcast stream using the ICY protocol. (CVE-2010-2997)

- An integer overflow error exists when handling a malformed 'MLLT atom' in an AAC file. (CVE-2010-2999)

- Heap-based buffer overflow when handling multi-rate audio streams. (CVE-2010-4375)

- Heap-based buffer overflow when parsing GIF87a files with large 'Screen Width' values in the 'Screen Descriptor' header over RTSP. (CVE-2010-4376)

- Heap-based buffer overflow when parsing 'Cook' codec information in a Real Audio file with many subbands. (CVE-2010-4377)

- Memory corruption in parsing of a 'RV20' video stream. (CVE-2010-4378)

- Heap-based buffer overflow when parsing 'AAC', 'IVR', 'RealMedia', 'RA5', 'RealPix', 'SIPR' and 'SOUND' files. (CVE-2010-0125, CVE-2010-4379, CVE-2010-4380, CVE-2010-4381, CVE-2010-4382, CVE-2010-4383, CVE-2010-4384, CVE-2010-4386, CVE-2010-4387, CVE-2010-4390, CVE-2010-4391, CVE-2010-4392)

- Integer overflow in the handling of frame dimensions in a 'SIPR' stream. (CVE-2010-4385)

- An input validation error in the 'pnen3260.dll' module can allow arbitrary code execution via a crafted 'TIT2 atom' in an AAC file. (CVE-2010-4397)

- Heap-based buffer overflow in the 'Cook' codec handling functions. (CVE-2010-2579, CVE-2010-4389)

- Heap-based buffer overflow in the decoding portion of the 'Advanced Audio Coding' compression implementation. (CVE-2010-4395)

- Cross-site scripting in ActiveX control and several HTML files. (CVE-2010-4396, CVE-2010-4388)

Solution

Upgrade to RealPlayer 14.0.1.609 (Build 12.0.1.609) or later.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-10-266/

https://www.zerodayinitiative.com/advisories/ZDI-10-267/

https://www.zerodayinitiative.com/advisories/ZDI-10-268/

https://www.zerodayinitiative.com/advisories/ZDI-10-269/

https://www.zerodayinitiative.com/advisories/ZDI-10-270/

https://www.zerodayinitiative.com/advisories/ZDI-10-271/

https://www.zerodayinitiative.com/advisories/ZDI-10-272/

https://www.zerodayinitiative.com/advisories/ZDI-10-273/

https://www.zerodayinitiative.com/advisories/ZDI-10-274/

https://www.zerodayinitiative.com/advisories/ZDI-10-275/

https://www.zerodayinitiative.com/advisories/ZDI-10-276/

https://www.zerodayinitiative.com/advisories/ZDI-10-277/

https://www.zerodayinitiative.com/advisories/ZDI-10-278/

https://www.zerodayinitiative.com/advisories/ZDI-10-279/

https://www.zerodayinitiative.com/advisories/ZDI-10-280/

https://www.zerodayinitiative.com/advisories/ZDI-10-281/

https://www.zerodayinitiative.com/advisories/ZDI-10-282/

Plugin Details

Severity: Critical

ID: 50612

File Name: realplayer_12_0_1_609.nasl

Version: 1.15

Type: local

Agent: windows

Family: Windows

Published: 11/16/2010

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:realnetworks:realplayer

Required KB Items: SMB/RealPlayer/Product, SMB/RealPlayer/Build

Exploit Ease: No known exploits are available

Patch Publication Date: 10/28/2010

Vulnerability Publication Date: 11/15/2010

Reference Information

CVE: CVE-2010-0121, CVE-2010-0125, CVE-2010-2579, CVE-2010-2997, CVE-2010-2999, CVE-2010-4375, CVE-2010-4376, CVE-2010-4377, CVE-2010-4378, CVE-2010-4379, CVE-2010-4380, CVE-2010-4381, CVE-2010-4382, CVE-2010-4383, CVE-2010-4384, CVE-2010-4385, CVE-2010-4386, CVE-2010-4387, CVE-2010-4388, CVE-2010-4389, CVE-2010-4390, CVE-2010-4391, CVE-2010-4392, CVE-2010-4394, CVE-2010-4395, CVE-2010-4396, CVE-2010-4397

BID: 44847, 45406, 45407, 45409, 45410, 45411, 45412, 45414, 45421, 45422, 45424, 45425, 45426, 45428, 45429, 45444, 45445, 45448, 45449, 45451, 45452, 45453, 45455, 45458, 45459, 45463, 45464, 45465

Secunia: 38550, 42203