System compromise in RealPlayer

Posted: September 11, 2012 in Vulnerabilities
Tags: ,

Real Player logoVulnerability: System compromise in RealPlayer
Danger: High
CVE ID:

CVE-2012-2407
CVE-2012-2408
CVE-2012-2409
CVE-2012-2410
CVE-2012-3234

Impact: System Compromise
Affected products: RealPlayer 15.x
Affected versions: RealPlayer 15.0.2.72, perhaps the only one.

Description:

The vulnerability allows a remote user to execute arbitrary code on the target system.

1. An error when decompressing AAC-stream data. This can be exploited to cause a buffer overflow and execute arbitrary code.

2. An error in decoding AAC SDK. This can be damaging dynamic memory and execute arbitrary code.

3. An error in the processing of RealMedia files. This can be exploited to cause a buffer overflow and execute arbitrary code.

4. An error in the processing of RealMedia files. This can be exploited to cause a buffer overflow and execute arbitrary code.

Manufacturer URL: http://eu.real.com/

Solution: Install the latest version 15.0.3.37 from the manufacturer.

links:

http://service.real.com/realplayer/security/09072012_player/en/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s