RealNetworks, Inc. Releases Update to Address Security Vulnerabilities.

Updated November 18, 2011

 

RealNetworks is making available product upgrades that contain security bug fixes. We have received no reports of any machines actually being compromised as a result of the now-remedied vulnerabilities.

RealNetworks always recommends upgrading your product to the most current version available to avoid security vulnerabilities. 



 

Current Software
The current versions of our Player software are not affected by these vulnerabilities.

| Software | Affected? | Operating System | Language |
| --- | --- | --- | --- |
| RealPlayer 15.0.0 | No | Windows XP, Vista, Win7 | All Supported |
| Mac RealPlayer 12.0.0.1703 | No | Mac OS X 10.3 – 10.6 | All Supported |

 

Affected Software
The table below contains a summary of which previous and current versions of the RealPlayer software are susceptible to these vulnerabilities. The columns and cells in green are the versions of each product where the issue has been resolved.

 

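| CVE Number | RealPlayer 11.0 – 11.1 | RealPlayer SP 1.0 – 1.1.5 | RealPlayer 14.0.0 – 14.0.7 | RealPlayer 15.0 | Mac RealPlayer 12.0.0.1701 | Mac RealPlayer 12.0.0.1703 |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2011-4244 | X | X | X | | | |
| CVE-2011-4245 | X | X | X | | X | |
| CVE-2011-4246 | X | X | X | | X | |
| CVE-2011-4247 | X | X | X | | | |
| CVE-2011-4248 | X | X | X | | | |
| CVE-2011-4249 | X | X | X | | | |
| CVE-2011-4250 | X | X | X | | X | |
| CVE-2011-4251 | X | X | X | | | |
| CVE-2011-4252 | X | X | X | | X | |
| CVE-2011-4253 | X | X | X | | X | |
| CVE-2011-4254 | X | X | X | | | |
| CVE-2011-4255 | X | X | X | | X | |
| CVE-2011-4256 | X | X | X | | X | |
| CVE-2011-4257 | X | X | X | | | |
| CVE-2011-4258 | X | X | X | | | |
| CVE-2011-4259 | X | X | X | | | |
| CVE-2011-4260 | X | X | X | | | |
| CVE-2011-4261 | X | X | X | | | |
| CVE-2011-4262 | X | X | X | | | |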

 

 

CVE Descriptions

 

CVE-2011-4244

RealPlayer RealVideo Renderer Heap Buffer Overflow Vulnerability

Affected software: Windows RealPlayer 14.0.7 and prior.

Credit to Omair, iDefense Labs, for reporting this issue.

 

CVE-2011-4245

RealPlayer RealVideo Renderer Memory Corruption Vulnerability

Affected software: Windows RealPlayer 14.0.7 and prior, Mac RealPlayer 12.0.0.1701 and prior.

Credit to Andrzej Dyjak, iDefense Labs, for reporting this issue.

 

CVE-2011-4246

RealPlayer AAC Codec Memory Corruption Vulnerability

Affected software: Windows RealPlayer 14.0.7 and prior, Mac RealPlayer 12.0.0.1701 and prior.

Credit to Andrzej Dyjak, iDefense Labs, for reporting this issue.

 

CVE-2011-4247

RealPlayer QCELP Stream Parsing Remote Code Execution Vulnerability

Affected software: Windows RealPlayer 14.0.7 and prior.

Credit to Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.

 

CVE-2011-4248

RealPlayer Malformed AAC File Parsing Remote Code Execution Vulnerability

Affected software: Windows RealPlayer 14.0.7 and prior.

Credit to Luigi Auriemma working with TippingPoint's Zero Day Initiative for reporting this issue.

 

CVE-2011-4249

RealPlayer RV30 Sample Arbitrary Index Remote Code Execution Vulnerability

Affected software: Windows RealPlayer 14.0.7 and prior.

Credit to Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.

 

CVE-2011-4250

RealPlayer ATRC Codec Parsing Remote Code Execution Vulnerability

Affected software: Windows RealPlayer 14.0.7 and prior, Mac RealPlayer 12.0.0.1701 and prior.

Credit to Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.

 

CVE-2011-4251

RealPlayer RealAudio Sample Size Parsing Remote Code Execution Vulnerability

Affected software: Windows RealPlayer 14.0.7 and prior.

Credit to Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.

 

CVE-2011-4252

RealPlayer RV10 Sample Height Parsing Remote Code Execution Vulnerability

Affected software: Windows RealPlayer 14.0.7 and prior, Mac RealPlayer 12.0.0.1701 and prior.

Credit to Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.

 

CVE-2011-4253

RealPlayer RV20 Decoding Remote Code Execution Vulnerability

Affected software: Windows RealPlayer 14.0.7 and prior, Mac RealPlayer 12.0.0.1701 and prior.

Credit to Damian Put and Andrzej Dyjak working with TippingPoint's Zero Day Initiative for reporting this issue.

 

CVE-2011-4254

RealPlayer RTSP SETUP Request Remote Code Execution Vulnerability

Affected software: Windows RealPlayer 14.0.7 and prior.

Credit to Luigi Auriemma working with TippingPoint's Zero Day Initiative for reporting this issue.

 

CVE-2011-4255

RealPlayer Invalid Codec Name Remote Code Execution Vulnerability

Affected software: Windows RealPlayer 14.0.7 and prior, Mac RealPlayer 12.0.0.1701 and prior.

Credit to Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.

 

CVE-2011-4256

RealPlayer RV30 Uninitialized Index Value Remote Code Execution Vulnerability

Affected software: Windows RealPlayer 14.0.7 and prior, Mac RealPlayer 12.0.0.1701 and prior.

Credit to Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.

 

CVE-2011-4257

RealPlayer Cook Codec Channel Parsing Remote Code Execution Vulnerability

Affected software: Windows RealPlayer 14.0.7 and prior.

Credit to Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.

 

CVE-2011-4258

RealPlayer IVR MLTI Chunk Length Parsing Remote Code Execution Vulnerability

Affected software: Windows RealPlayer 14.0.7 and prior.

Credit to Damian Put and Luigi Auriemma working with TippingPoint's Zero Day Initiative for reporting this issue.

 

CVE-2011-4259

RealPlayer MPG Width Integer Underflow Remote Code Execution Vulnerability

Affected software: Windows RealPlayer 14.0.7 and prior.

Credit to Luigi Auriemma working with TippingPoint's Zero Day Initiative for reporting this issue.

 

CVE-2011-4260

RealPlayer MP4 Malformed Header Remote Code Execution Vulnerability

Affected software: Windows RealPlayer 14.0.7 and prior.

Credit to Luigi Auriemma working with TippingPoint's Zero Day Initiative for reporting this issue.

 

CVE-2011-4261

RealPlayer MP4 Video Dimensions Heap Corruption Remote Code Execution Vulnerability

Affected software: Windows RealPlayer 14.0.7 and prior.

Credit to Luigi Auriemma working with TippingPoint's Zero Day Initiative for reporting this issue.

 

CVE-2011-4262

RealPlayer MP4 File Parsing Remote Code Execution Vulnerability

Affected software: Windows RealPlayer 14.0.7 and prior.

Credit to Alexander Gavrun working with TippingPoint's Zero Day Initiative for reporting this issue.

 

 

Warranty:

RealNetworks Inc. endeavors to provide you with the highest quality products and services, but cannot guarantee, and does not warrant, that the operation of any RealNetworks product will be error-free, uninterrupted or secure. Please see your original license agreement for details of our limited warranty or warranty disclaimer.