SecurityTracker.com
Category:   Application (Multimedia)  >   RealOne (RealPlayer)
Vendors:   RealNetworks
RealPlayer Bugs Let Remote Users Obtain Files and Execute Arbitrary Code
SecurityTracker Alert ID:  1024370
SecurityTracker URL:  http://securitytracker.com/id/1024370
CVE Reference:   CVE-2010-0116, CVE-2010-0117, CVE-2010-0120, CVE-2010-2996, CVE-2010-3000, CVE-2010-3001, CVE-2010-3002
Date:  Aug 27 2010
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Not specified, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): RealPlayer SP prior to 1.1.5; RealPlayer 11.x
Description:   Multiple vulnerabilities were reported in RealPlayer. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can obtain files from the target user's system.

A remote user can create a specially crafted file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

A specially crafted RealPlayer QCP file can trigger an integer overflow [CVE-2010-0116]. Windows RealPlayer SP 1.1.4 and prior versions are affected. Alin Rad Pop of Secunia Research reported this vulnerability.

Specially crafted dimensions in the YUV420 transformation of MP4 content can trigger code execution [CVE-2010-0117]. Windows RealPlayer SP 1.1.4 and prior versions are affected. Carsten Eiram of Secunia Research reported this vulnerability.

Specially crafted QCP data can trigger a heap overflow [CVE-2010-0120]. Windows RealPlayer SP 1.1.4 and prior versions are affected. Carsten Eiram of Secunia Research reported this vulnerability.

A specially crafted IVR file can trigger code execution [CVE-2010-2996]. Windows RealPlayer 11.1 and prior versions are affected. An anonymous researcher reported this vulnerability via TippingPoint's Zero Day Initiative.

A specially crafted FLV file can trigger an integer overflow [CVE-2010-3000]. Windows RealPlayer SP 1.1.4 and prior versions are affected. Sebastian Apelt and siberas reported this vulnerability via TippingPoint's Zero Day Initiative.

A flaw in the ActiveX IE Plugin has unspecified impact [CVE-2010-3001]. Windows RealPlayer SP 1.1.4 and prior versions are affected. Steve Manzuik of Microsoft Vulnerability Research (MSVR) reported this vulnerability.

A flaw in the ActiveX control allows a remote user to access files on the target user's system [CVE-2010-3002]. Windows RealPlayer 11.1 and prior versions are affected. Behrang Fouladi of SensePost reported this vulnerability.

RealPlayer Enterprise, Mac RealPlayer, Linux RealPlayer, and Helix Player are not affected by these vulnerabilities.

Impact:   A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can create HTML that, when loaded by the target user, will access files on the target user's system.

Solution:   The vendor has issued a fix (RealPlayer SP 1.1.5).

The vendor's advisory is available at:

http://service.real.com/realplayer/security/08262010_player/en/

Vendor URL:  service.real.com/realplayer/security/08262010_player/en/
Cause:   Access control error, Boundary error, Not specified
Underlying OS:  Windows (Any)
Underlying OS Comments:  Windows only

Message History:   None.



Copyright 2019, SecurityGlobal.net LLC