nessus | Tenable | 6455.PRM
History: Apr 16, 2012 - 12:00 a.m.

Real Networks RealPlayer < 14.0.6.666 (Build 12.0.1.666) Multiple Vulnerabilities

2012-04-16 00:00:00
Tenable
www.tenable.com

CVSS2: 9.3 High

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.944 High
Percentile: 99.2%

The remote host is running an application that is vulnerable to multiple attack vectors.

The remote host is running RealPlayer, a multi-media application.

RealPlayer builds earlier than 12.0.1.666 are potentially affected by multiple code execution vulnerabilities:

  • A heap-based buffer overflow vulnerability exists within the qcpfformat.dll file, which only creates a static 256 byte allocation on the heap. This can be abused by a remote attacker to execute arbitrary code in the context of the web browser. (CVE-2011-2950)

  • A flaw exists due to RealPlayer allowing users to run local HTML files with scripting enabled without any warning. Attackers can exploit this issue to execute arbitrary code within the context of the application (typically Internet Explorer) that uses the ActiveX control. (CVE-2011-2947)

  • A memory-corruption vulnerability exists due to a use-after-free condition that affects “Embedded AutoUpdate.” Successful exploitation will allow remote attackers to execute arbitrary code within the context of the affected application. (CVE-2011-2954)

  • A remote buffer-overflow vulnerability exists due to the software failing to perform adequate boundary checks on user-supplied data. Successful exploitation allows attackers to execute arbitrary code in the context of the vulnerable applications. (CVE-2011-2951)

  • A remote code-execution vulnerability exists when handling ‘DEFINEFONT’ fields in Flash files. Successful exploitation will allow remote attackers to execute arbitrary code within the context of the affected application. (CVE-2011-2948)

  • A remote code-execution vulnerability exists in the way the application uses the ‘WideCharToMultiByte’ call, resulting in a heap-based buffer overflow. Successful exploitation will allow remote attackers to execute arbitrary code within the context of the affected application. (CVE-2011-2949)

  • A memory-corruption vulnerability exists due to a use-after-free condition that particularly affects the dialogue box. Successful exploitation will allow remote attackers to execute arbitrary code within the context of the affected application. (CVE-2011-2952)

  • A memory-corruption vulnerability exists due to a use-after-free condition that particularly affects the Embedded Modal Dialog. Successful exploitation will allow remote attackers to execute arbitrary code within the context of the affected application. (CVE-2011-2955)

  • A cross-zone scripting vulnerability exists due to the fact that the RealPlayer ActiveX control allows users to run local HTML files with scripting enabled without providing any warning. Attackers can exploit this issue to execute arbitrary code within the context of the application (typically Internet Explorer) that uses the ActiveX Control. (CVE-2011-121)

Vendor | Product | Version | CPE
realnetworks | realplayer | | cpe:/a:realnetworks:realplayer
