----------------------------------------------------------------------

TITLE:
RealPlayer Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA38218

VERIFY ADVISORY:
http://secunia.com/advisories/38218/

DESCRIPTION:
Some vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a vulnerable system.

1) An unspecified error related to the RealPlayer ASM Rulebook can be exploited to cause a heap-based buffer overflow.

2) An unspecified error when processing GIF images can be exploited to cause a heap-based buffer overflow.

3) A vulnerability is caused due to an unspecified error related to HTTP chunk encoding.

4) An unspecified error within the RealPlayer SIPR codec can be exploited to cause a heap-based buffer overflow.

5) An unspecified error when processing compressed GIF images can be exploited to cause a heap-based buffer overflow.

6) An unspecified error within the RealPlayer SMIL parsing can be exploited to cause a heap-based buffer overflow.

7) An unspecified error within the RealPlayer skin parsing can be exploited to cause a stack-based buffer overflow.

8) An unspecified error related to the RealPlayer ASM RuleBook can be exploited to cause an "array overflow".

9) An unspecified boundary error related to RealPlayer RTSP "set_parameter" can be exploited to cause a buffer overflow.

10) Two vulnerabilities are caused due to errors within the processing of Internet Video Recording (IVR) files.

For more information:
SA33810

The following products are affected by one or all vulnerabilities (see vendor's advisory for details):
* RealPlayer SP 1.0.0 and 1.0.1
* RealPlayer 11 11.0.5 and higher
* RealPlayer 11 11.0.0, 11.0.1 - 11.0.4
* RealPlayer 10.5 6.0.12.1675, 6.0.12.1040-6.0.12.1663, 6.0.12.1698, 6.0.12.1741
* RealPlayer 10
* RealPlayer Enterprise
* Mac RealPlayer 10, 10.1, 11.0, 11.0.1
* Helix Player 10.*, 11.0.0, 11.0.1
* Linux RealPlayer 10, 11.0.0, 11.0.1

SOLUTION:
Update to the latest version. Please see the vendor's advisory for details.
http://service.real.com/realplayer/security/01192010_player/en/

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
* Evgeny Legerov
* anonymous persons working with iDEFENSE Labs
* John Rambo and anonymous researchers working with TippingPoint's Zero Day Initiative

ORIGINAL ADVISORY:
http://service.real.com/realplayer/security/01192010_player/en/

OTHER REFERENCES:
SA33810:
http://secunia.com/advisories/33810/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help private users keep their systems up to date against the latest vulnerabilities.

Please Note:
Secunia recommends that you verify all advisories you receive by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use those supplied by the vendor.

----------------------------------------------------------------------