| Name | RealNetworks.RealPlayer.GIF.Handling.Code.Execution |
| Release Date | Feb 11, 2010 |
| Severity | Critical |
| Impact | System Compromise: Remote attackers can gain control of vulnerable systems. |
| Description | This indicates an attempt to exploit a heap-overflow vulnerability in RealNetworks RealPlayer.
This issue is caused by an error when the vulnerable softare handles a GIF file that includes too many undefined blocks. It may allow remote attackers to execute arbitrary code or crash the vulnerable software by sending a special crafted GIF file. |
| Affected Products | Real Networks RealPlayer SP 1.0.1
Real Networks RealPlayer SP 1.0
Real Networks RealPlayer Enterprise 1.7
Real Networks RealPlayer Enterprise 1.6
Real Networks RealPlayer Enterprise 1.5
Real Networks RealPlayer Enterprise 1.2
Real Networks RealPlayer Enterprise 1.1
Real Networks RealPlayer Enterprise
Real Networks RealPlayer 10 for Mac OS 10.0 503
Real Networks RealPlayer 10 for Mac OS 10.0 481
Real Networks RealPlayer 10 for Mac OS 10.0 412
Real Networks RealPlayer 10 for Mac OS 10.0 396
Real Networks RealPlayer 10 for Mac OS 10.0 352
Real Networks RealPlayer 10 for Mac OS 10.0 .0.331
Real Networks RealPlayer 10 for Mac OS 10.0 .0.331
Real Networks RealPlayer 10 for Mac OS 10.0.0.325
Real Networks RealPlayer 10 for Mac OS 10.0.0.305
Real Networks RealPlayer 10 for Mac OS
Real Networks RealPlayer 10 for Linux 10.1
Real Networks RealPlayer 10 for Linux 10.0.9
Real Networks RealPlayer 10 for Linux 10.0.8
Real Networks RealPlayer 10 for Linux 10.0.7
Real Networks RealPlayer 10 for Linux 10.0.6
Real Networks RealPlayer 10 for Linux 10.0.5
Real Networks RealPlayer 10 for Linux 10.0.4
Real Networks RealPlayer 10 for Linux 10.0.3
Real Networks RealPlayer 10 for Linux 10.0.2
Real Networks RealPlayer 10 for Linux 10.0.1
Real Networks RealPlayer 10 for Linux
Real Networks RealPlayer 11.0.5
Real Networks RealPlayer 11.0.4
Real Networks RealPlayer 11.0.3
Real Networks RealPlayer 11.0.2
Real Networks RealPlayer 11.0.1
Real Networks RealPlayer 10.5 v6.0.12.1741
Real Networks RealPlayer 10.5 v6.0.12.1698
Real Networks RealPlayer 10.5 v6.0.12.1675
Real Networks RealPlayer 10.5 v6.0.12.1663
Real Networks RealPlayer 10.5 v6.0.12.1483
Real Networks RealPlayer 10.5 v6.0.12.1235
Real Networks RealPlayer 10.5 v6.0.12.1069
Real Networks RealPlayer 10.5 v6.0.12.1059
Real Networks RealPlayer 10.5 v6.0.12.1056
Real Networks RealPlayer 10.5 v6.0.12.1053
Real Networks RealPlayer 10.5 v6.0.12.1040
Real Networks RealPlayer 10.5
Real Networks RealPlayer 10.5
Real Networks RealPlayer 10.5
Real Networks RealPlayer 11 |
| Recommended Actions | Refer to the vendor's web site for the suggested workaround:
http://service.real.com/realplayer/security/01192010_player/en/ |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-4242
|
| Reference/s | http://www.securityfocus.com/bid/37880 (BugTraq)
http://www.zerodayinitiative.com/advisories/ZDI-10-006/
|