Summary
RealPlayer is installed on this host and is prone to a buffer overflow vulnerability.
Impact
Successful exploitation allows remote attackers to compromise a vulnerable system by convincing a user to open a malicious media file or visit a specially crafted web page.
Solution
Upgrade to RealPlayer version 14.0.2 or later.
For updates, refer to http://www.real.com/player
Insight
The flaws are caused by:
- a buffer overflow error in the 'vidplin.dll' module when processing malformed header data.
- temporary files, used to store references to media files, being created with predictable names. This can be exploited in combination with the 'OpenURLInPlayerBrowser()' method of a browser plugin to execute the file.
Affected
RealPlayer versions 11.0 through 11.1
RealPlayer SP versions 1.0 through 1.1.5 (12.x)
RealPlayer versions 14.0.0 through 14.0.1
Severity
Classification
CVE: CVE-2010-4393, CVE-2011-0694
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C