You are here

U-042: Mac RealPlayer Multiple Vulnerabilities

November 21, 2011 - 9:15am

Addthis

PROBLEM:

Mac RealPlayer Multiple Vulnerabilities.

PLATFORM:

Versions 12.0.0.1701 and prior.

ABSTRACT:

Multiple vulnerabilities have been reported in Mac RealPlayer, which can be exploited by malicious people to compromise a user's system.

reference LINKS:

Secunia Advisory: SA46963
Secunia Vulnerability Report: Mac RealPlayer 12.x
Secunia Advisory: SA46954

IMPACT ASSESSMENT:

High

Discussion:

Multiple vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a user's system. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are reported in the versions 14.0.7 and prior.

Impact:

1) An unspecified error related to RealVideo rendering can be exploited to cause a heap-based buffer overflow.
2) An unspecified error related to RealVideo rendering can be exploited to corrupt memory.
3) An unspecified error related to the AAC Codec can be exploited to corrupt memory.
4) An unspecified error exists within parsing of QCELP streams.
5) An unspecified error exists within parsing of AAC files.
6) An unspecified error exists related to indexes within RV30 encoded files.
7) An unspecified error exists within parsing of the ATRC codec.
8) An unspecified error exists related to sample size when parsing RealAudio files.
9) An unspecified error exists related to sample height when parsing RV10 encoded files.
10) An unspecified error exists when decoding RV20 encoded files.
11) An unspecified error exists when handling RTSP SETUP requests.
12) An unspecified error exists related to invalid codec names.
13) An unspecified error exists related to an uninitialized index value within RV30 encoded files.
14) An unspecified error exists when parsing the channel within the Cook codec.
15) An unspecified error exists when parsing the MLTI chunk length within IVR files.
16) An integer underflow error exists related to the MPG width.
17) An unspecified error exists when parsing MP4 headers.
18) An unspecified error related to MP4 video dimensions can be exploited to corrupt heap memory.
19) An unspecified error exists when parsing MP4 files.

Solution:

Mac Support Downloads

Addthis