Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в RealNetworks RealPlayer
Опубликовано:13 июня 2012 г.
Источник:
SecurityVulns ID:12415
Тип:клиент
Уровень опасности:
6/10
Описание:Многочисленные уязвимости при разборе различных форматов.
Затронутые продукты:REAL : RealPlayer SP 1.1
 REAL : RealPlayer 15.02
CVE:CVE-2012-0926 (The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary code via a crafted RV10 RealVideo video stream.)
 CVE-2012-0922 (rvrender.dll in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via crafted flags in an RMFF file.)
 CVE-2011-4261 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted video dimensions in an MP4 file.)
 CVE-2011-4260 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed header in an MP4 file.)
 CVE-2011-4247 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted QCELP stream.)
Оригинальный текстdocumentZDI, ZDI-12-092 : RealNetworks RealPlayer QCELP Stream Parsing Remote Code Execution Vulnerability (13.06.2012)
 documentZDI, ZDI-12-087 : RealNetworks RealPlayer raac.dll stsz Remote Code Execution Vulnerability (13.06.2012)
 documentZDI, ZDI-12-086 : RealNetworks RealPlayer rvrender RMFF Flags Remote Code Execution Vulnerability (13.06.2012)
 documentZDI, ZDI-12-085 : RealNetworks RealPlayer dmp4 esds Width Remote Code Execution Vulnerability (13.06.2012)
 documentZDI, ZDI-12-084 : RealNetworks RealPlayer RV10 Encoded Height/Width Remote Code Execution Vulnerability (13.06.2012)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород