Sign-up

ID

VAR-201001-0741


CVE

CVE-2009-4244


TITLE

Realnetworks RealPlayer Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2010-001049

DESCRIPTION

Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via an SIPR codec field with a small length value that triggers incorrect memory allocation. This vulnerability allows remote attackers to execute code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a user must open a malicious file or visit a malicious web site.The specific flaw exists during the parsing of SIPR codec fields. Specifying a small length value can trigger an undersized heap allocation. This buffer can then subsequently be overflowed. This vulnerability can result in arbitrary code execution under the context of the currently logged in user. RealPlayer SP, RealPlayer, and Helix Player are prone to multiple remote vulnerabilities, including heap- and stack-based buffer-overflow issues. A remote attacker could exploit these issues by crafting a file and enticing an unsuspecting user to open it using a vulnerable application. Failed exploit attempts will result in a denial-of-service condition. The following are vulnerable: RealPlayer SP 1.0.0 through 1.0.1 RealPlayer 11 11.0.0 through 11.0.5 RealPlayer 10.5 6.0.12.1040 through 6.0.12.163, 6.0.12.1675, 6.0.12.1698, and 6.0.12.1741 RealPlayer 10 and 10.1 Helix Player 11.0.0 through 11.0.2. A heap buffer overflow vulnerability exists in version x. ---------------------------------------------------------------------- Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/ ---------------------------------------------------------------------- TITLE: RealPlayer Multiple Vulnerabilities SECUNIA ADVISORY ID: SA38218 VERIFY ADVISORY: http://secunia.com/advisories/38218/ DESCRIPTION: Some vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a vulnerable system. 1) An unspecified error related to the RealPlayer ASM Rulebook can be exploited to cause a heap-based buffer overflow. 2) An unspecified error when processing GIF images can be exploited to cause a heap-based buffer overflow. 3) A vulnerability is caused due to an unspecified error related to HTTP chunk encoding. 4) An unspecified error within the RealPlayer SIPR codec can be exploited to cause a heap-based buffer overflow. 5) An unspecified error when processing compressed GIF images can be exploited to cause a heap-based buffer overflow. 6) An unspecified error within the RealPlayer SMIL parsing can be exploited to cause a heap-based buffer overflow. 7) An unspecified error within the RealPlayer skin parsing can be exploited to cause a stack-based buffer overflow. 8) An unspecified error related to the RealPlayer ASM RuleBook can be exploited to cause an "array overflow". 9) An unspecified boundary error related to RealPlayer RTSP "set_parameter" can be exploited to cause a buffer overflow. 10) Two vulnerabilities are caused due to errors within the processing of Internet Video Recording (IVR) files. Please see the vendor's advisory for details. http://service.real.com/realplayer/security/01192010_player/en/ PROVIDED AND/OR DISCOVERED BY: The vendor credits: * Evgeny Legerov * anonymous persons working with iDEFENSE Labs * John Rambo and anonymous researchers working with TippingPoint's Zero Day Initiative ORIGINAL ADVISORY: http://service.real.com/realplayer/security/01192010_player/en/ OTHER REFERENCES: SA33810: http://secunia.com/advisories/33810/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ZDI-10-008: RealNetworks RealPlayer SIPR Codec Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-008 January 21, 2010 -- CVE ID: CVE-2009-4244 -- Affected Vendors: RealNetworks -- Affected Products: RealNetworks RealPlayer -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 6514. -- Vendor Response: RealNetworks has issued an update to correct this vulnerability. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/

Trust: 2.79

sources: NVD: CVE-2009-4244 // JVNDB: JVNDB-2010-001049 // ZDI: ZDI-10-008 // BID: 37880 // VULHUB: VHN-41690 // PACKETSTORM: 85439 // PACKETSTORM: 85508

AFFECTED PRODUCTS

vendor:realnetworksmodel:realplayerscope:eqversion:11.0.1

Trust: 1.9

vendor:realnetworksmodel:realplayerscope:eqversion:10.5

Trust: 1.9

vendor:realnetworksmodel:realplayerscope:eqversion:11.0.0

Trust: 1.6

vendor:realnetworksmodel:realplayerscope:eqversion:10.0

Trust: 1.6

vendor:realnetworksmodel:realplayerscope:eqversion:10.1

Trust: 1.6

vendor:realnetworksmodel:realplayerscope:eqversion:11.0

Trust: 1.6

vendor:realnetworksmodel:realplayer spscope:eqversion:1.0.1

Trust: 1.3

vendor:realnetworksmodel:realplayerscope:eqversion:11.0.5

Trust: 1.3

vendor:realnetworksmodel:realplayerscope:eqversion:11.0.4

Trust: 1.3

vendor:realnetworksmodel:realplayerscope:eqversion:11.0.3

Trust: 1.3

vendor:realnetworksmodel:realplayerscope:eqversion:11.0.2

Trust: 1.3

vendor:realnetworksmodel:realplayer spscope:eqversion:1.0.0

Trust: 1.0

vendor:realnetworksmodel:helix playerscope:eqversion:11.0.0

Trust: 1.0

vendor:realnetworksmodel:helix playerscope:eqversion:10.0

Trust: 1.0

vendor:realnetworksmodel:realplayer enterprisescope:eqversion:*

Trust: 1.0

vendor:realnetworksmodel:helix playerscope:eqversion:11.0.1

Trust: 1.0

vendor:realnetworksmodel:realplayer enterprisescope: - version: -

Trust: 0.9

vendor:realmodel:realnetworks realplayerscope:eqversion:(enterprise)

Trust: 0.8

vendor:realmodel:realnetworks realplayerscope:eqversion:10

Trust: 0.8

vendor:realmodel:realnetworks realplayerscope:eqversion:10.5

Trust: 0.8

vendor:realmodel:realnetworks realplayerscope:eqversion:11

Trust: 0.8

vendor:realmodel:realnetworks realplayerscope:eqversion:sp 1.0.0

Trust: 0.8

vendor:realmodel:realnetworks realplayerscope:eqversion:sp 1.0.1

Trust: 0.8

vendor:realnetworksmodel:realplayerscope: - version: -

Trust: 0.7

vendor:sunmodel:solaris 10 x86scope: - version: -

Trust: 0.3

vendor:sunmodel:solaris 10 sparcscope: - version: -

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:4

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:4

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:4

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop versionscope:eqversion:4

Trust: 0.3

vendor:realnetworksmodel:realplayer spscope:eqversion:1.0

Trust: 0.3

vendor:realnetworksmodel:realplayer enterprisescope:eqversion:1.7

Trust: 0.3

vendor:realnetworksmodel:realplayer enterprisescope:eqversion:1.6

Trust: 0.3

vendor:realnetworksmodel:realplayer enterprisescope:eqversion:1.5

Trust: 0.3

vendor:realnetworksmodel:realplayer enterprisescope:eqversion:1.2

Trust: 0.3

vendor:realnetworksmodel:realplayer enterprisescope:eqversion:1.1

Trust: 0.3

vendor:realnetworksmodel:realplayer for mac osscope:eqversion:1010.0.0.331

Trust: 0.3

vendor:realnetworksmodel:realplayer for mac osscope:eqversion:1010.0.0.503

Trust: 0.3

vendor:realnetworksmodel:realplayer for mac osscope:eqversion:1010.0.0.481

Trust: 0.3

vendor:realnetworksmodel:realplayer for mac osscope:eqversion:1010.0.0.412

Trust: 0.3

vendor:realnetworksmodel:realplayer for mac osscope:eqversion:1010.0.0.396

Trust: 0.3

vendor:realnetworksmodel:realplayer for mac osscope:eqversion:1010.0.0.352

Trust: 0.3

vendor:realnetworksmodel:realplayer for mac osscope:eqversion:1010.0.0.325

Trust: 0.3

vendor:realnetworksmodel:realplayer for mac osscope:eqversion:1010.0.0.305

Trust: 0.3

vendor:realnetworksmodel:realplayer for mac osscope:eqversion:10

Trust: 0.3

vendor:realnetworksmodel:realplayer for linuxscope:eqversion:1010.1.3114

Trust: 0.3

vendor:realnetworksmodel:realplayer for linuxscope:eqversion:1010.0.9

Trust: 0.3

vendor:realnetworksmodel:realplayer for linuxscope:eqversion:1010.0.8

Trust: 0.3

vendor:realnetworksmodel:realplayer for linuxscope:eqversion:1010.0.7

Trust: 0.3

vendor:realnetworksmodel:realplayer for linuxscope:eqversion:1010.0.6

Trust: 0.3

vendor:realnetworksmodel:realplayer for linuxscope:eqversion:1010.0.5

Trust: 0.3

vendor:realnetworksmodel:realplayer for linuxscope:eqversion:1010.0.4

Trust: 0.3

vendor:realnetworksmodel:realplayer for linuxscope:eqversion:1010.0.3

Trust: 0.3

vendor:realnetworksmodel:realplayer for linuxscope:eqversion:1010.0.2

Trust: 0.3

vendor:realnetworksmodel:realplayer for linuxscope:eqversion:1010.0.1

Trust: 0.3

vendor:realnetworksmodel:realplayer for linuxscope:eqversion:10

Trust: 0.3

vendor:realnetworksmodel:realplayerscope:eqversion:10.5v6.0.12.1741

Trust: 0.3

vendor:realnetworksmodel:realplayerscope:eqversion:10.5v6.0.12.1698

Trust: 0.3

vendor:realnetworksmodel:realplayerscope:eqversion:10.5v6.0.12.1675

Trust: 0.3

vendor:realnetworksmodel:realplayerscope:eqversion:10.5v6.0.12.1663

Trust: 0.3

vendor:realnetworksmodel:realplayerscope:eqversion:10.5v6.0.12.1483

Trust: 0.3

vendor:realnetworksmodel:realplayerscope:eqversion:10.5v6.0.12.1348

Trust: 0.3

vendor:realnetworksmodel:realplayerscope:eqversion:10.5v6.0.12.1235

Trust: 0.3

vendor:realnetworksmodel:realplayerscope:eqversion:10.5v6.0.12.1069

Trust: 0.3

vendor:realnetworksmodel:realplayerscope:eqversion:10.5v6.0.12.1059

Trust: 0.3

vendor:realnetworksmodel:realplayerscope:eqversion:10.5v6.0.12.1056

Trust: 0.3

vendor:realnetworksmodel:realplayerscope:eqversion:10.5v6.0.12.1053

Trust: 0.3

vendor:realnetworksmodel:realplayerscope:eqversion:10.5v6.0.12.1040

Trust: 0.3

vendor:realnetworksmodel:realplayerscope:eqversion:11

Trust: 0.3

sources: ZDI: ZDI-10-008 // BID: 37880 // JVNDB: JVNDB-2010-001049 // CNNVD: CNNVD-201001-244 // NVD: CVE-2009-4244

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-4244
value: HIGH

Trust: 1.0

NVD: CVE-2009-4244
value: HIGH

Trust: 0.8

ZDI: CVE-2009-4244
value: HIGH

Trust: 0.7

CNNVD: CNNVD-201001-244
value: CRITICAL

Trust: 0.6

VULHUB: VHN-41690
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2009-4244
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2009-4244
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-41690
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: ZDI: ZDI-10-008 // VULHUB: VHN-41690 // JVNDB: JVNDB-2010-001049 // CNNVD: CNNVD-201001-244 // NVD: CVE-2009-4244

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-41690 // JVNDB: JVNDB-2010-001049 // NVD: CVE-2009-4244

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 85508 // CNNVD: CNNVD-201001-244

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201001-244

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-001049

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-41690

PATCH
title:Releases Update to Address Security Vulnerabilitiesurl:http://service.real.com/realplayer/security/01192010_player/en
Trust: 0.8
title:セキュリティ脆弱性に対応するアップデートをリリースurl:http://service.real.com/realplayer/security/01192010_player/ja/
Trust: 0.8
title:RealNetworks has issued an update to correct this vulnerability.url:http://service.real.com/realplayer/security/01192010_player/en/
Trust: 0.7
sources:
            
            
            ZDI: ZDI-10-008 // 
            
            
            
            JVNDB: JVNDB-2010-001049

EXTERNAL IDS
db:NVDid:CVE-2009-4244
Trust: 3.6
db:ZDIid:ZDI-10-008
Trust: 2.8
db:BIDid:37880
Trust: 2.8
db:SECUNIAid:38218
Trust: 2.6
db:SECTRACKid:1023489
Trust: 2.5
db:VUPENid:ADV-2010-0178
Trust: 2.5
db:XFid:55797
Trust: 1.4
db:JVNDBid:JVNDB-2010-001049
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-317
Trust: 0.7
db:CNNVDid:CNNVD-201001-244
Trust: 0.7
db:BUGTRAQid:20100121 ZDI-10-008: REALNETWORKS REALPLAYER SIPR CODEC REMOTE CODE EXECUTION VULNERABILITY
Trust: 0.6
db:ZDIid:ZDI-10-010
Trust: 0.3
db:ZDIid:ZDI-10-006
Trust: 0.3
db:ZDIid:ZDI-10-005
Trust: 0.3
db:ZDIid:ZDI-10-007
Trust: 0.3
db:PACKETSTORMid:85508
Trust: 0.2
db:VULHUBid:VHN-41690
Trust: 0.1
db:PACKETSTORMid:85439
Trust: 0.1
sources:
            
            
            ZDI: ZDI-10-008 // 
            
            
            
            VULHUB: VHN-41690 // 
            
            
            
            BID: 37880 // 
            
            
            
            JVNDB: JVNDB-2010-001049 // 
            
            
            
            PACKETSTORM: 85439 // 
            
            
            
            PACKETSTORM: 85508 // 
            
            
            
            CNNVD: CNNVD-201001-244 // 
            
            
            
            NVD: CVE-2009-4244

REFERENCES
url:http://service.real.com/realplayer/security/01192010_player/en/
Trust: 2.9
url:http://www.securityfocus.com/bid/37880
Trust: 2.5
url:http://securitytracker.com/id?1023489
Trust: 2.5
url:http://secunia.com/advisories/38218
Trust: 2.5
url:http://www.vupen.com/english/advisories/2010/0178
Trust: 2.5
url:http://www.zerodayinitiative.com/advisories/zdi-10-008/
Trust: 2.0
url:http://xforce.iss.net/xforce/xfdb/55797
Trust: 1.4
url:http://www.securityfocus.com/archive/1/509098/100/0/threaded
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/55797
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4244
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4244
Trust: 0.8
url:http://www.securityfocus.com/archive/1/archive/1/509098/100/0/threaded
Trust: 0.6
url:http://blogs.sun.com/security/entry/cve_2009_4247_buffer_overflow
Trust: 0.3
url:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=839
Trust: 0.3
url:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=837
Trust: 0.3
url:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=838
Trust: 0.3
url:http://www.realnetworks.com/
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-10-005/
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-10-006/
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-10-007/
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-10-010/
Trust: 0.3
url:/archive/1/509286
Trust: 0.3
url:/archive/1/509293
Trust: 0.3
url:/archive/1/509288
Trust: 0.3
url:/archive/1/509100
Trust: 0.3
url:/archive/1/509096
Trust: 0.3
url:/archive/1/509105
Trust: 0.3
url:/archive/1/509098
Trust: 0.3
url:/archive/1/509104
Trust: 0.3
url:http://secunia.com/advisories/38218/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/blog/71/
Trust: 0.1
url:http://secunia.com/advisories/33810/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
url:http://www.zerodayinitiative.com/advisories/disclosure_policy/
Trust: 0.1
url:http://www.zerodayinitiative.com/advisories/zdi-10-008
Trust: 0.1
url:http://www.tippingpoint.com
Trust: 0.1
url:http://www.zerodayinitiative.com
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2009-4244
Trust: 0.1
sources:
            
            
            ZDI: ZDI-10-008 // 
            
            
            
            VULHUB: VHN-41690 // 
            
            
            
            BID: 37880 // 
            
            
            
            JVNDB: JVNDB-2010-001049 // 
            
            
            
            PACKETSTORM: 85439 // 
            
            
            
            PACKETSTORM: 85508 // 
            
            
            
            CNNVD: CNNVD-201001-244 // 
            
            
            
            NVD: CVE-2009-4244

CREDITS
Evgeny Legerov, anonymous researchers working with iDEFENSE Labs, John Rambo, Peter Vreugdenhil working with TippingPoint's Zero Day Initiative, and anonymous researchers working with TippingPoint's Zero Day Initiative
Trust: 0.9
sources:
            
            
            BID: 37880 // 
            
            
            
            CNNVD: CNNVD-201001-244

SOURCES
db:ZDIid:ZDI-10-008
db:VULHUBid:VHN-41690
db:BIDid:37880
db:JVNDBid:JVNDB-2010-001049
db:PACKETSTORMid:85439
db:PACKETSTORMid:85508
db:CNNVDid:CNNVD-201001-244
db:NVDid:CVE-2009-4244

LAST UPDATE DATE
2024-11-23T21:47:35.729000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-10-008date:2010-01-21T00:00:00
db:VULHUBid:VHN-41690date:2018-10-10T00:00:00
db:BIDid:37880date:2010-07-13T20:27:00
db:JVNDBid:JVNDB-2010-001049date:2010-02-17T00:00:00
db:CNNVDid:CNNVD-201001-244date:2010-01-26T00:00:00
db:NVDid:CVE-2009-4244date:2024-11-21T01:09:14.213

SOURCES RELEASE DATE
db:ZDIid:ZDI-10-008date:2010-01-21T00:00:00
db:VULHUBid:VHN-41690date:2010-01-25T00:00:00
db:BIDid:37880date:2010-01-20T00:00:00
db:JVNDBid:JVNDB-2010-001049date:2010-02-17T00:00:00
db:PACKETSTORMid:85439date:2010-01-20T16:00:34
db:PACKETSTORMid:85508date:2010-01-22T07:39:24
db:CNNVDid:CNNVD-201001-244date:2010-01-25T00:00:00
db:NVDid:CVE-2009-4244date:2010-01-25T19:30:01.400