Description
Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via an SIPR codec field with a small length value that triggers incorrect memory allocation.
Affected products
- RealNetworks / helix_player11.0.0 – 11.0.0
- RealNetworks / helix_player10.0 – 10.0
- RealNetworks / helix_player11.0.1 – 11.0.1
- RealNetworks / realplayer11.0.1 – 11.0.1
- RealNetworks / realplayer11.0.2 – 11.0.2
- RealNetworks / realplayer11.0.3 – 11.0.3
- RealNetworks / realplayer11.0.4 – 11.0.4
- RealNetworks / realplayer11.0.5 – 11.0.5
- RealNetworks / realplayer10.1 – 10.1
- RealNetworks / realplayer10.0 – 10.0
- RealNetworks / realplayer10.5 – 10.5
- RealNetworks / realplayer11.0 – 11.0
- RealNetworks / realplayer10.0 – 10.0
- RealNetworks / realplayer11.0.0 – 11.0.0
- RealNetworks / realplayer11.0.1 – 11.0.1
- RealNetworks / realplayer_enterprise
- RealNetworks / realplayer_sp1.0.1 – 1.0.1
- RealNetworks / realplayer_sp1.0.0 – 1.0.0
References
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/0178
- MISChttp://securitytracker.com/id?1023489
- MISChttp://service.real.com/realplayer/security/01192010_player/en/
- VENDOR_ADVISORYhttp://secunia.com/advisories/38218
- MISChttp://www.securityfocus.com/bid/37880
- VENDOR_ADVISORYhttp://www.zerodayinitiative.com/advisories/ZDI-10-008/
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/55797
- MISChttp://www.securityfocus.com/archive/1/509098/100/0/threaded