Sign-up

ID

VAR-201001-0743


CVE

CVE-2009-4241


TITLE

Realnetworks RealPlayer Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2010-001044

DESCRIPTION

Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleBook structures that trigger heap memory corruption. This vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must open a malicious file or visit a malicious web site.The specific flaw exists during the parsing of files with improperly defined ASMRuleBook structures. A controllable memory allocation allows for an attacker to corrupt heap memory. Attacker controlled data from the corrupt heap is later used as an object pointer which can be leveraged to execute arbitrary code in the context of the currently logged in user. A remote attacker could exploit these issues by crafting a file and enticing an unsuspecting user to open it using a vulnerable application. Failed exploit attempts will result in a denial-of-service condition. The following are vulnerable: RealPlayer SP 1.0.0 through 1.0.1 RealPlayer 11 11.0.0 through 11.0.5 RealPlayer 10.5 6.0.12.1040 through 6.0.12.163, 6.0.12.1675, 6.0.12.1698, and 6.0.12.1741 RealPlayer 10 and 10.1 Helix Player 11.0.0 through 11.0.2. RealPlayer is an online listening tool software that realizes real-time transmission of audio and video through streaming technology on the Internet. ---------------------------------------------------------------------- Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/ ---------------------------------------------------------------------- TITLE: RealPlayer Multiple Vulnerabilities SECUNIA ADVISORY ID: SA38218 VERIFY ADVISORY: http://secunia.com/advisories/38218/ DESCRIPTION: Some vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a vulnerable system. 1) An unspecified error related to the RealPlayer ASM Rulebook can be exploited to cause a heap-based buffer overflow. 2) An unspecified error when processing GIF images can be exploited to cause a heap-based buffer overflow. 3) A vulnerability is caused due to an unspecified error related to HTTP chunk encoding. 4) An unspecified error within the RealPlayer SIPR codec can be exploited to cause a heap-based buffer overflow. 5) An unspecified error when processing compressed GIF images can be exploited to cause a heap-based buffer overflow. 6) An unspecified error within the RealPlayer SMIL parsing can be exploited to cause a heap-based buffer overflow. 7) An unspecified error within the RealPlayer skin parsing can be exploited to cause a stack-based buffer overflow. 8) An unspecified error related to the RealPlayer ASM RuleBook can be exploited to cause an "array overflow". 9) An unspecified boundary error related to RealPlayer RTSP "set_parameter" can be exploited to cause a buffer overflow. 10) Two vulnerabilities are caused due to errors within the processing of Internet Video Recording (IVR) files. Please see the vendor's advisory for details. http://service.real.com/realplayer/security/01192010_player/en/ PROVIDED AND/OR DISCOVERED BY: The vendor credits: * Evgeny Legerov * anonymous persons working with iDEFENSE Labs * John Rambo and anonymous researchers working with TippingPoint's Zero Day Initiative ORIGINAL ADVISORY: http://service.real.com/realplayer/security/01192010_player/en/ OTHER REFERENCES: SA33810: http://secunia.com/advisories/33810/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ZDI-10-005: RealNetworks RealPlayer ASMRulebook Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-005 January 21, 2010 -- CVE ID: CVE-2009-4241 -- Affected Vendors: RealNetworks -- Affected Products: RealNetworks RealPlayer -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 5783. -- Vendor Response: RealNetworks has issued an update to correct this vulnerability. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/

Trust: 2.79

sources: NVD: CVE-2009-4241 // JVNDB: JVNDB-2010-001044 // ZDI: ZDI-10-005 // BID: 37880 // VULHUB: VHN-41687 // PACKETSTORM: 85439 // PACKETSTORM: 85499

AFFECTED PRODUCTS

vendor:realnetworksmodel:realplayer spscope:eqversion:1.0.1

Trust: 1.9

vendor:realnetworksmodel:realplayerscope:eqversion:11.0.5

Trust: 1.9

vendor:realnetworksmodel:realplayerscope:eqversion:11.0.4

Trust: 1.9

vendor:realnetworksmodel:realplayerscope:eqversion:11.0.3

Trust: 1.9

vendor:realnetworksmodel:realplayerscope:eqversion:11.0.2

Trust: 1.9

vendor:realnetworksmodel:realplayerscope:eqversion:11.0.1

Trust: 1.9

vendor:realnetworksmodel:realplayerscope:eqversion:10.5

Trust: 1.9

vendor:realnetworksmodel:realplayer spscope:eqversion:1.0.0

Trust: 1.6

vendor:realnetworksmodel:realplayerscope:eqversion:10.0

Trust: 1.6

vendor:realnetworksmodel:realplayerscope:eqversion:11.0

Trust: 1.6

vendor:realnetworksmodel:helix playerscope:eqversion:11.0.0

Trust: 1.0

vendor:realnetworksmodel:realplayerscope:eqversion:10.1

Trust: 1.0

vendor:realnetworksmodel:helix playerscope:eqversion:10.0

Trust: 1.0

vendor:realnetworksmodel:realplayer enterprisescope:eqversion:*

Trust: 1.0

vendor:realnetworksmodel:helix playerscope:eqversion:11.0.1

Trust: 1.0

vendor:realnetworksmodel:realplayerscope:eqversion:11.0.0

Trust: 1.0

vendor:realmodel:realnetworks realplayerscope:eqversion:(enterprise)

Trust: 0.8

vendor:realmodel:realnetworks realplayerscope:eqversion:10

Trust: 0.8

vendor:realmodel:realnetworks realplayerscope:eqversion:10.5

Trust: 0.8

vendor:realmodel:realnetworks realplayerscope:eqversion:11

Trust: 0.8

vendor:realmodel:realnetworks realplayerscope:eqversion:sp 1.0.0

Trust: 0.8

vendor:realmodel:realnetworks realplayerscope:eqversion:sp 1.0.1

Trust: 0.8

vendor:realnetworksmodel:realplayerscope: - version: -

Trust: 0.7

vendor:sunmodel:solaris 10 x86scope: - version: -

Trust: 0.3

vendor:sunmodel:solaris 10 sparcscope: - version: -

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:4

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:4

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:4

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop versionscope:eqversion:4

Trust: 0.3

vendor:realnetworksmodel:realplayer spscope:eqversion:1.0

Trust: 0.3

vendor:realnetworksmodel:realplayer enterprisescope:eqversion:1.7

Trust: 0.3

vendor:realnetworksmodel:realplayer enterprisescope:eqversion:1.6

Trust: 0.3

vendor:realnetworksmodel:realplayer enterprisescope:eqversion:1.5

Trust: 0.3

vendor:realnetworksmodel:realplayer enterprisescope:eqversion:1.2

Trust: 0.3

vendor:realnetworksmodel:realplayer enterprisescope:eqversion:1.1

Trust: 0.3

vendor:realnetworksmodel:realplayer enterprisescope: - version: -

Trust: 0.3

vendor:realnetworksmodel:realplayer for mac osscope:eqversion:1010.0.0.331

Trust: 0.3

vendor:realnetworksmodel:realplayer for mac osscope:eqversion:1010.0.0.503

Trust: 0.3

vendor:realnetworksmodel:realplayer for mac osscope:eqversion:1010.0.0.481

Trust: 0.3

vendor:realnetworksmodel:realplayer for mac osscope:eqversion:1010.0.0.412

Trust: 0.3

vendor:realnetworksmodel:realplayer for mac osscope:eqversion:1010.0.0.396

Trust: 0.3

vendor:realnetworksmodel:realplayer for mac osscope:eqversion:1010.0.0.352

Trust: 0.3

vendor:realnetworksmodel:realplayer for mac osscope:eqversion:1010.0.0.325

Trust: 0.3

vendor:realnetworksmodel:realplayer for mac osscope:eqversion:1010.0.0.305

Trust: 0.3

vendor:realnetworksmodel:realplayer for mac osscope:eqversion:10

Trust: 0.3

vendor:realnetworksmodel:realplayer for linuxscope:eqversion:1010.1.3114

Trust: 0.3

vendor:realnetworksmodel:realplayer for linuxscope:eqversion:1010.0.9

Trust: 0.3

vendor:realnetworksmodel:realplayer for linuxscope:eqversion:1010.0.8

Trust: 0.3

vendor:realnetworksmodel:realplayer for linuxscope:eqversion:1010.0.7

Trust: 0.3

vendor:realnetworksmodel:realplayer for linuxscope:eqversion:1010.0.6

Trust: 0.3

vendor:realnetworksmodel:realplayer for linuxscope:eqversion:1010.0.5

Trust: 0.3

vendor:realnetworksmodel:realplayer for linuxscope:eqversion:1010.0.4

Trust: 0.3

vendor:realnetworksmodel:realplayer for linuxscope:eqversion:1010.0.3

Trust: 0.3

vendor:realnetworksmodel:realplayer for linuxscope:eqversion:1010.0.2

Trust: 0.3

vendor:realnetworksmodel:realplayer for linuxscope:eqversion:1010.0.1

Trust: 0.3

vendor:realnetworksmodel:realplayer for linuxscope:eqversion:10

Trust: 0.3

vendor:realnetworksmodel:realplayerscope:eqversion:10.5v6.0.12.1741

Trust: 0.3

vendor:realnetworksmodel:realplayerscope:eqversion:10.5v6.0.12.1698

Trust: 0.3

vendor:realnetworksmodel:realplayerscope:eqversion:10.5v6.0.12.1675

Trust: 0.3

vendor:realnetworksmodel:realplayerscope:eqversion:10.5v6.0.12.1663

Trust: 0.3

vendor:realnetworksmodel:realplayerscope:eqversion:10.5v6.0.12.1483

Trust: 0.3

vendor:realnetworksmodel:realplayerscope:eqversion:10.5v6.0.12.1348

Trust: 0.3

vendor:realnetworksmodel:realplayerscope:eqversion:10.5v6.0.12.1235

Trust: 0.3

vendor:realnetworksmodel:realplayerscope:eqversion:10.5v6.0.12.1069

Trust: 0.3

vendor:realnetworksmodel:realplayerscope:eqversion:10.5v6.0.12.1059

Trust: 0.3

vendor:realnetworksmodel:realplayerscope:eqversion:10.5v6.0.12.1056

Trust: 0.3

vendor:realnetworksmodel:realplayerscope:eqversion:10.5v6.0.12.1053

Trust: 0.3

vendor:realnetworksmodel:realplayerscope:eqversion:10.5v6.0.12.1040

Trust: 0.3

vendor:realnetworksmodel:realplayerscope:eqversion:11

Trust: 0.3

sources: ZDI: ZDI-10-005 // BID: 37880 // JVNDB: JVNDB-2010-001044 // CNNVD: CNNVD-201001-258 // NVD: CVE-2009-4241

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-4241
value: HIGH

Trust: 1.0

NVD: CVE-2009-4241
value: HIGH

Trust: 0.8

ZDI: CVE-2009-4241
value: HIGH

Trust: 0.7

CNNVD: CNNVD-201001-258
value: CRITICAL

Trust: 0.6

VULHUB: VHN-41687
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2009-4241
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2009-4241
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2

Trust: 0.7

VULHUB: VHN-41687
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: ZDI: ZDI-10-005 // VULHUB: VHN-41687 // JVNDB: JVNDB-2010-001044 // CNNVD: CNNVD-201001-258 // NVD: CVE-2009-4241

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-41687 // JVNDB: JVNDB-2010-001044 // NVD: CVE-2009-4241

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 85499 // CNNVD: CNNVD-201001-258

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201001-258

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-001044

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-41687

PATCH
title:Releases Update to Address Security Vulnerabilitiesurl:http://service.real.com/realplayer/security/01192010_player/en
Trust: 0.8
title:セキュリティ脆弱性に対応するアップデートをリリースurl:http://service.real.com/realplayer/security/01192010_player/ja/
Trust: 0.8
title:RealPlayer11GOLDurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=5474
Trust: 0.6
title:RealPlayer11GOLDurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=5473
Trust: 0.6
title:RealPlayerSPurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=5472
Trust: 0.6
title:RealPlayerSPGoldurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=5471
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2010-001044 // 
            
            
            
            CNNVD: CNNVD-201001-258

EXTERNAL IDS
db:NVDid:CVE-2009-4241
Trust: 3.6
db:ZDIid:ZDI-10-005
Trust: 2.8
db:BIDid:37880
Trust: 2.8
db:SECUNIAid:38218
Trust: 2.6
db:SECTRACKid:1023489
Trust: 2.5
db:VUPENid:ADV-2010-0178
Trust: 2.5
db:XFid:55794
Trust: 1.4
db:JVNDBid:JVNDB-2010-001044
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-252
Trust: 0.7
db:CNNVDid:CNNVD-201001-258
Trust: 0.7
db:BUGTRAQid:20100121 ZDI-10-005: REALNETWORKS REALPLAYER ASMRULEBOOK REMOTE CODE EXECUTION VULNERABILITY
Trust: 0.6
db:ZDIid:ZDI-10-010
Trust: 0.3
db:ZDIid:ZDI-10-008
Trust: 0.3
db:ZDIid:ZDI-10-006
Trust: 0.3
db:ZDIid:ZDI-10-007
Trust: 0.3
db:PACKETSTORMid:85499
Trust: 0.2
db:VULHUBid:VHN-41687
Trust: 0.1
db:PACKETSTORMid:85439
Trust: 0.1
sources:
            
            
            ZDI: ZDI-10-005 // 
            
            
            
            VULHUB: VHN-41687 // 
            
            
            
            BID: 37880 // 
            
            
            
            JVNDB: JVNDB-2010-001044 // 
            
            
            
            PACKETSTORM: 85439 // 
            
            
            
            PACKETSTORM: 85499 // 
            
            
            
            CNNVD: CNNVD-201001-258 // 
            
            
            
            NVD: CVE-2009-4241

REFERENCES
url:http://www.securityfocus.com/bid/37880
Trust: 2.5
url:http://securitytracker.com/id?1023489
Trust: 2.5
url:http://secunia.com/advisories/38218
Trust: 2.5
url:http://www.vupen.com/english/advisories/2010/0178
Trust: 2.5
url:http://service.real.com/realplayer/security/01192010_player/en/
Trust: 2.2
url:http://www.zerodayinitiative.com/advisories/zdi-10-005/
Trust: 2.0
url:http://xforce.iss.net/xforce/xfdb/55794
Trust: 1.4
url:http://www.securityfocus.com/archive/1/509100/100/0/threaded
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/55794
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4241
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4241
Trust: 0.8
url:http://www.securityfocus.com/archive/1/archive/1/509100/100/0/threaded
Trust: 0.6
url:http://blogs.sun.com/security/entry/cve_2009_4247_buffer_overflow
Trust: 0.3
url:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=839
Trust: 0.3
url:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=837
Trust: 0.3
url:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=838
Trust: 0.3
url:http://www.realnetworks.com/
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-10-006/
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-10-007/
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-10-008/
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-10-010/
Trust: 0.3
url:/archive/1/509286
Trust: 0.3
url:/archive/1/509293
Trust: 0.3
url:/archive/1/509288
Trust: 0.3
url:/archive/1/509100
Trust: 0.3
url:/archive/1/509096
Trust: 0.3
url:/archive/1/509105
Trust: 0.3
url:/archive/1/509098
Trust: 0.3
url:/archive/1/509104
Trust: 0.3
url:http://secunia.com/advisories/38218/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/blog/71/
Trust: 0.1
url:http://secunia.com/advisories/33810/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
url:http://www.zerodayinitiative.com/advisories/disclosure_policy/
Trust: 0.1
url:http://www.zerodayinitiative.com/advisories/zdi-10-005
Trust: 0.1
url:http://www.tippingpoint.com
Trust: 0.1
url:http://www.zerodayinitiative.com
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2009-4241
Trust: 0.1
sources:
            
            
            VULHUB: VHN-41687 // 
            
            
            
            BID: 37880 // 
            
            
            
            JVNDB: JVNDB-2010-001044 // 
            
            
            
            PACKETSTORM: 85439 // 
            
            
            
            PACKETSTORM: 85499 // 
            
            
            
            CNNVD: CNNVD-201001-258 // 
            
            
            
            NVD: CVE-2009-4241

CREDITS
Evgeny Legerov, anonymous researchers working with iDEFENSE Labs, John Rambo, Peter Vreugdenhil working with TippingPoint's Zero Day Initiative, and anonymous researchers working with TippingPoint's Zero Day Initiative
Trust: 0.9
sources:
            
            
            BID: 37880 // 
            
            
            
            CNNVD: CNNVD-201001-258

SOURCES
db:ZDIid:ZDI-10-005
db:VULHUBid:VHN-41687
db:BIDid:37880
db:JVNDBid:JVNDB-2010-001044
db:PACKETSTORMid:85439
db:PACKETSTORMid:85499
db:CNNVDid:CNNVD-201001-258
db:NVDid:CVE-2009-4241

LAST UPDATE DATE
2024-11-23T21:47:35.445000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-10-005date:2021-07-15T00:00:00
db:VULHUBid:VHN-41687date:2018-10-10T00:00:00
db:BIDid:37880date:2010-07-13T20:27:00
db:JVNDBid:JVNDB-2010-001044date:2010-02-17T00:00:00
db:CNNVDid:CNNVD-201001-258date:2010-01-26T00:00:00
db:NVDid:CVE-2009-4241date:2024-11-21T01:09:13.803

SOURCES RELEASE DATE
db:ZDIid:ZDI-10-005date:2010-01-21T00:00:00
db:VULHUBid:VHN-41687date:2010-01-25T00:00:00
db:BIDid:37880date:2010-01-20T00:00:00
db:JVNDBid:JVNDB-2010-001044date:2010-02-17T00:00:00
db:PACKETSTORMid:85439date:2010-01-20T16:00:34
db:PACKETSTORMid:85499date:2010-01-22T06:34:17
db:CNNVDid:CNNVD-201001-258date:2010-01-25T00:00:00
db:NVDid:CVE-2009-4241date:2010-01-25T19:30:00.980