ID

VAR-201001-0744

CVE

CVE-2009-4242

TITLE

Realnetworks RealPlayer Vulnerabilities in arbitrary code execution

DESCRIPTION

Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function in datatype/image/gif/common/gifcodec.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via a GIF file with crafted chunk sizes that trigger improper memory allocation. This vulnerability allows remote attackers to execute code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a user must open a malicious file or visit a malicious web site.The specific flaw exists during the parsing of GIF files with forged chunk sizes. The player uses values from the file improperly when allocating a buffer on the heap. An attacker can abuse this to create and then overflow heap buffers leading to arbitrary code execution in the context of the currently logged in user. RealPlayer SP, RealPlayer, and Helix Player are prone to multiple remote vulnerabilities, including heap- and stack-based buffer-overflow issues. A remote attacker could exploit these issues by crafting a file and enticing an unsuspecting user to open it using a vulnerable application. Failed exploit attempts will result in a denial-of-service condition. The following are vulnerable: RealPlayer SP 1.0.0 through 1.0.1 RealPlayer 11 11.0.0 through 11.0.5 RealPlayer 10.5 6.0.12.1040 through 6.0.12.163, 6.0.12.1675, 6.0.12.1698, and 6.0.12.1741 RealPlayer 10 and 10.1 Helix Player 11.0.0 through 11.0.2. RealNetworks RealNetworks RealPlayer is a set of media player products developed by RealNetworks in the United States. The product provides features for downloading/converting videos (in web pages), editing videos, managing media files, and more. ---------------------------------------------------------------------- Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/ ---------------------------------------------------------------------- TITLE: RealPlayer Multiple Vulnerabilities SECUNIA ADVISORY ID: SA38218 VERIFY ADVISORY: http://secunia.com/advisories/38218/ DESCRIPTION: Some vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a vulnerable system. 1) An unspecified error related to the RealPlayer ASM Rulebook can be exploited to cause a heap-based buffer overflow. 2) An unspecified error when processing GIF images can be exploited to cause a heap-based buffer overflow. 3) A vulnerability is caused due to an unspecified error related to HTTP chunk encoding. 4) An unspecified error within the RealPlayer SIPR codec can be exploited to cause a heap-based buffer overflow. 5) An unspecified error when processing compressed GIF images can be exploited to cause a heap-based buffer overflow. 6) An unspecified error within the RealPlayer SMIL parsing can be exploited to cause a heap-based buffer overflow. 7) An unspecified error within the RealPlayer skin parsing can be exploited to cause a stack-based buffer overflow. 8) An unspecified error related to the RealPlayer ASM RuleBook can be exploited to cause an "array overflow". 9) An unspecified boundary error related to RealPlayer RTSP "set_parameter" can be exploited to cause a buffer overflow. 10) Two vulnerabilities are caused due to errors within the processing of Internet Video Recording (IVR) files. Please see the vendor's advisory for details. http://service.real.com/realplayer/security/01192010_player/en/ PROVIDED AND/OR DISCOVERED BY: The vendor credits: * Evgeny Legerov * anonymous persons working with iDEFENSE Labs * John Rambo and anonymous researchers working with TippingPoint's Zero Day Initiative ORIGINAL ADVISORY: http://service.real.com/realplayer/security/01192010_player/en/ OTHER REFERENCES: SA33810: http://secunia.com/advisories/33810/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . For more information: SA38218 SOLUTION: Updated packages are available via Red Hat Network. ZDI-10-006: RealNetworks RealPlayer GIF Handling Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-006 January 21, 2010 -- CVE ID: CVE-2009-4242 -- Affected Vendors: RealNetworks -- Affected Products: RealNetworks RealPlayer -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 0. -- Vendor Response: RealNetworks has issued an update to correct this vulnerability. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

buffer overflow

CONFIGURATIONS

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Evgeny Legerov, anonymous researchers working with iDEFENSE Labs, John Rambo, Peter Vreugdenhil working with TippingPoint's Zero Day Initiative, and anonymous researchers working with TippingPoint's Zero Day Initiative

SOURCES

LAST UPDATE DATE

2024-11-23T21:47:35.387000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE