Summary
RealPlayer is installed on this host and is prone to multiple vulnerabilities.
Impact
Successful exploitation allows remote attackers to execute arbitrary code or cause a denial of service.
Solution
Upgrade to RealPlayer 14.0.1.609 (Build 12.0.1.609) or later. For updates, refer to http://www.real.com/player
Insight
The flaws are due to:
- An error in the 'Cook' codec initialization function
- Heap-based buffer overflow when parsing 'Cook' codec information in a Real Audio file with many subbands
- Memory corruption error in parsing of an 'RV20' video stream
- Cross-site scripting in an ActiveX control and several HTML files
- Heap-based buffer overflow errors in the 'Cook' codec functions
- Heap-based buffer overflow when parsing 'AAC', 'IVR', 'RealMedia', and 'RealPix' files
Affected
RealPlayer SP 1.0 to 1.1.5 (12.x)
RealNetworks RealPlayer SP 11.0 to 11.1 on Windows platform.
References
Severity
Classification
- CVE: CVE-2010-0121, CVE-2010-4377, CVE-2010-4378, CVE-2010-4388, CVE-2010-4389, CVE-2010-4390, CVE-2010-4391, CVE-2010-4392, CVE-2010-4394, CVE-2010-4395, CVE-2010-4396
- CVSS Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)