Computer Security
[EN] securityvulns.ru no-pyccku


RealNetworks RealPlayer multiple security vulnerabilities
Published:13.06.2012
Source:
SecurityVulns ID:12415
Type:client
Threat Level:
6/10
Description:Multiple vulnerabilities on different sofrmats parsing.
Affected:REAL : RealPlayer SP 1.1
 REAL : RealPlayer 15.02
CVE:CVE-2012-0926 (The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary code via a crafted RV10 RealVideo video stream.)
 CVE-2012-0922 (rvrender.dll in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via crafted flags in an RMFF file.)
 CVE-2011-4261 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted video dimensions in an MP4 file.)
 CVE-2011-4260 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed header in an MP4 file.)
 CVE-2011-4247 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted QCELP stream.)
Original documentdocumentZDI, ZDI-12-092 : RealNetworks RealPlayer QCELP Stream Parsing Remote Code Execution Vulnerability (13.06.2012)
 documentZDI, ZDI-12-087 : RealNetworks RealPlayer raac.dll stsz Remote Code Execution Vulnerability (13.06.2012)
 documentZDI, ZDI-12-086 : RealNetworks RealPlayer rvrender RMFF Flags Remote Code Execution Vulnerability (13.06.2012)
 documentZDI, ZDI-12-085 : RealNetworks RealPlayer dmp4 esds Width Remote Code Execution Vulnerability (13.06.2012)
 documentZDI, ZDI-12-084 : RealNetworks RealPlayer RV10 Encoded Height/Width Remote Code Execution Vulnerability (13.06.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod