RealNetworks.RealPlayer.GIF.Handling.Code.Execution

Release Date

Feb 11, 2010

Severity

critical

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Description

This indicates an attempt to exploit a heap-overflow vulnerability in RealNetworks RealPlayer.

This issue is caused by an error when the vulnerable software handles a GIF file that includes too many undefined blocks. It may allow remote attackers to execute arbitrary code or crash the vulnerable software by sending a specially crafted GIF file.

Affected Products

Real Networks RealPlayer SP 1.0.1
Real Networks RealPlayer SP 1.0
Real Networks RealPlayer Enterprise 1.7
Real Networks RealPlayer Enterprise 1.6
Real Networks RealPlayer Enterprise 1.5
Real Networks RealPlayer Enterprise 1.2
Real Networks RealPlayer Enterprise 1.1
Real Networks RealPlayer Enterprise
Real Networks RealPlayer 10 for Mac OS 10.0 503
Real Networks RealPlayer 10 for Mac OS 10.0 481
Real Networks RealPlayer 10 for Mac OS 10.0 412
Real Networks RealPlayer 10 for Mac OS 10.0 396
Real Networks RealPlayer 10 for Mac OS 10.0 352
Real Networks RealPlayer 10 for Mac OS 10.0 .0.331
Real Networks RealPlayer 10 for Mac OS 10.0.0.325
Real Networks RealPlayer 10 for Mac OS 10.0.0.305
Real Networks RealPlayer 10 for Mac OS
Real Networks RealPlayer 10 for Linux 10.1
Real Networks RealPlayer 10 for Linux 10.0.9
Real Networks RealPlayer 10 for Linux 10.0.8
Real Networks RealPlayer 10 for Linux 10.0.7
Real Networks RealPlayer 10 for Linux 10.0.6
Real Networks RealPlayer 10 for Linux 10.0.5
Real Networks RealPlayer 10 for Linux 10.0.4
Real Networks RealPlayer 10 for Linux 10.0.3
Real Networks RealPlayer 10 for Linux 10.0.2
Real Networks RealPlayer 10 for Linux 10.0.1
Real Networks RealPlayer 10 for Linux
Real Networks RealPlayer 11.0.5
Real Networks RealPlayer 11.0.4
Real Networks RealPlayer 11.0.3
Real Networks RealPlayer 11.0.2
Real Networks RealPlayer 11.0.1
Real Networks RealPlayer 10.5 v6.0.12.1741
Real Networks RealPlayer 10.5 v6.0.12.1698
Real Networks RealPlayer 10.5 v6.0.12.1675
Real Networks RealPlayer 10.5 v6.0.12.1663
Real Networks RealPlayer 10.5 v6.0.12.1483
Real Networks RealPlayer 10.5 v6.0.12.1235
Real Networks RealPlayer 10.5 v6.0.12.1069
Real Networks RealPlayer 10.5 v6.0.12.1059
Real Networks RealPlayer 10.5 v6.0.12.1056
Real Networks RealPlayer 10.5 v6.0.12.1053
Real Networks RealPlayer 10.5 v6.0.12.1040
Real Networks RealPlayer 10.5
Real Networks RealPlayer 11

Recommended Actions

Refer to the vendor's web site for the suggested workaround:
http://service.real.com/realplayer/security/01192010_player/en/

Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2009-4242

Reference/s

http://www.zerodayinitiative.com/advisories/ZDI-10-006/
http://www.securityfocus.com/bid/37880 (BugTraq)

Reference: VID-18143