Tenable5325.PRMReal Networks RealPlayer < RealPlayer SP 1.0.5 Multiple Vulnerabilities
The remote host is running a version of RealPlayer earlier than RealPlayer SP 1.0.5. Such versions are potentially affected by multiple vulnerabilities :
-
A RealPlayer ‘ASM’ Rulebook heap-based buffer overflow. (CVE-2009-4241)
-
A RealPlayer ‘GIF’ file heap overflow. (CVE-2009-4242)
-
A RealPlayer media overflow (http chunck encoding). (CVE-2009-4243)
-
A RealPlayer ‘IVR’ file processing buffer overflow. (CVE-2009-0375)
-
A RealPlayer ‘IVR’ file heap overflow. (CVE-2009-0376)
-
A RealPlayer ‘SIPR’ codec heap overflow. (CVE-2009-4244)
-
A RealPlayer compressed ‘GIF’ heap overflow. (CVE-2009-4245)
-
A RealPlayer ‘SMIL’ parsing heap overflow. (CVE-2009-4257)
-
A RealPlayer skin parsing stack overflow. (CVE-2009-4246)
-
A RealPlayer ‘ASM’ RuleBook array overflow. (CVE-2009-4247)
-
A RealPlayer ‘rtsp’ ‘set_parameter’ buffer overflow. (CVE-2009-4248)
Note that different versions are affected by different vulnerabilities.
Binary data 5325.prm| Vendor | Product | Version | CPE |
|---|---|---|---|
| realnetworks | realplayer | cpe:/a:realnetworks:realplayer |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0375
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0376
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4241
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4242
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4243
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4244
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4245
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4246
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4247
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4248
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4257
service.real.com/realplayer/security/01192010_player/en
www.securityfocus.com/archive/1/509096/30/0/threaded
www.securityfocus.com/archive/1/509098/30/0/threaded
www.securityfocus.com/archive/1/509100/30/0/threaded
www.securityfocus.com/archive/1/509104/30/0/threaded
www.securityfocus.com/archive/1/509105/30/0/threaded
www.zerodayinitiative.com/advisories/ZDI-10-005
www.zerodayinitiative.com/advisories/ZDI-10-006
www.zerodayinitiative.com/advisories/ZDI-10-007
www.zerodayinitiative.com/advisories/ZDI-10-008
www.zerodayinitiative.com/advisories/ZDI-10-010
Related
