virus logo Intrusion Prevention

RealNetworks.RealPlayer.GIF.Handling.Code.Execution

description-logoDescription

This indicates an attempt to exploit a heap-overflow vulnerability in RealNetworks RealPlayer.
This issue is caused by an error when the vulnerable softare handles a GIF file that includes too many undefined blocks. It may allow remote attackers to execute arbitrary code or crash the vulnerable software by sending a special crafted GIF file.

affected-products-logoAffected Products

Real Networks RealPlayer SP 1.0.1
Real Networks RealPlayer SP 1.0
Real Networks RealPlayer Enterprise 1.7
Real Networks RealPlayer Enterprise 1.6
Real Networks RealPlayer Enterprise 1.5
Real Networks RealPlayer Enterprise 1.2
Real Networks RealPlayer Enterprise 1.1
Real Networks RealPlayer Enterprise
Real Networks RealPlayer 10 for Mac OS 10.0 503
Real Networks RealPlayer 10 for Mac OS 10.0 481
Real Networks RealPlayer 10 for Mac OS 10.0 412
Real Networks RealPlayer 10 for Mac OS 10.0 396
Real Networks RealPlayer 10 for Mac OS 10.0 352
Real Networks RealPlayer 10 for Mac OS 10.0 .0.331
Real Networks RealPlayer 10 for Mac OS 10.0 .0.331
Real Networks RealPlayer 10 for Mac OS 10.0.0.325
Real Networks RealPlayer 10 for Mac OS 10.0.0.305
Real Networks RealPlayer 10 for Mac OS
Real Networks RealPlayer 10 for Linux 10.1
Real Networks RealPlayer 10 for Linux 10.0.9
Real Networks RealPlayer 10 for Linux 10.0.8
Real Networks RealPlayer 10 for Linux 10.0.7
Real Networks RealPlayer 10 for Linux 10.0.6
Real Networks RealPlayer 10 for Linux 10.0.5
Real Networks RealPlayer 10 for Linux 10.0.4
Real Networks RealPlayer 10 for Linux 10.0.3
Real Networks RealPlayer 10 for Linux 10.0.2
Real Networks RealPlayer 10 for Linux 10.0.1
Real Networks RealPlayer 10 for Linux
Real Networks RealPlayer 11.0.5
Real Networks RealPlayer 11.0.4
Real Networks RealPlayer 11.0.3
Real Networks RealPlayer 11.0.2
Real Networks RealPlayer 11.0.1
Real Networks RealPlayer 10.5 v6.0.12.1741
Real Networks RealPlayer 10.5 v6.0.12.1698
Real Networks RealPlayer 10.5 v6.0.12.1675
Real Networks RealPlayer 10.5 v6.0.12.1663
Real Networks RealPlayer 10.5 v6.0.12.1483
Real Networks RealPlayer 10.5 v6.0.12.1235
Real Networks RealPlayer 10.5 v6.0.12.1069
Real Networks RealPlayer 10.5 v6.0.12.1059
Real Networks RealPlayer 10.5 v6.0.12.1056
Real Networks RealPlayer 10.5 v6.0.12.1053
Real Networks RealPlayer 10.5 v6.0.12.1040
Real Networks RealPlayer 10.5
Real Networks RealPlayer 10.5
Real Networks RealPlayer 10.5
Real Networks RealPlayer 11

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Refer to the vendor's web site for the suggested workaround:
http://service.real.com/realplayer/security/01192010_player/en/

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2021-01-11 16.995

References

http://www.zerodayinitiative.com/advisories/ZDI-10-006/
ID 18143
Created Feb 11, 2010
Updated Nov 15, 2021
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
CVE ID CVE-2009-4242
Exploit Prediction Score 43.18%
Default Action drop
Active
Affected OS Windows
Affected App Real