Release date:
Updated on:
Affected Systems:
Real Networks RealPlayer 14.0.2
Real Networks RealPlayer 11
Description:
--------------------------------------------------------------------------------
Bugtraq id: 55473
CVE (CAN) ID: CVE-2012-2407, CVE-2012-2408, CVE-2012-2409, CVE-2012-2410, CVE-2012-3234
RealPlayer is a media player used to listen to and watch real-time audio, video, and Flash content on the Internet.
RealPlayer 15.0.3.37 and earlier versions have multiple memory corruption and DoS vulnerabilities. Attackers can exploit these vulnerabilities to execute arbitrary code in the context of the affected application.
1) An error when AAC stream data is released can cause a buffer overflow.
2) An error in AAC SDK decoding can cause memory corruption.
3) Multiple errors when processing RealMedia files can cause buffer overflows.
<* Source: Andrzej Dyjak
Link: http://secunia.com/advisories/50566/
http://service.real.com/realplayer/security/09072012_player/en/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Real Networks
-------------
Real Networks has released a security bulletin (/09072012_player) and corresponding patches for these issues:
/09072012_player: RealNetworks, Inc. Releases Update to Address Security Vulnerabilities.
Link: http://service.real.com/realplayer/security/09072012_player/en/