RealNetworks, Inc. Releases Update to Address Security Vulnerabilities.
Updated December 10, 2010
RealNetworks is making available product upgrades that
contain security bug fixes. We have received no reports of any machines
actually being compromised as a result of the now-remedied vulnerabilities.
RealNetworks always recommends upgrading your product to the
most current version available to avoid security vulnerabilities.
Current Software
The current versions
of our Player software are not affected by these vulnerabilities.
| Software | Affected? | Operating System | Language |
|---|---|---|---|
| RealPlayer 14.0.1 | No | Windows XP, Vista, Win7 | All Supported |
| Mac RealPlayer 12.0.0.1548 | No | Mac OS X 10.3 – 10.6 | All Supported |
| RealPlayer Enterprise 2.1.4 | No | Windows XP, Vista, Win7 | English |
| Linux RealPlayer 11.0.2.2315 | No | Linux | English |
Affected Software
The table below contains
a summary of which previous and current versions of the RealPlayer software are
susceptible to these vulnerabilities. The columns and cells in green are the
versions of each product where the issue has been resolved.
| CVE Number | RealPlayer | RealPlayer SP | RealPlayer SP | RealPlayer SP 1.1.2 – 1.1.4 | RealPlayer SP | RealPlayer 14.0.0 | RealPlayer Enterprise 2.1.2 | RealPlayer Enterprise 2.1.3 | RealPlayer Enterprise 2.1.4 | Mac RealPlayer 11.0 – 11.1 | Mac RealPlayer 12.0.0.1444 | Mac RealPlayer 12.0.0.1548 | Linux RealPlayer 11.0.2.1744 | Linux RealPlayer 11.0.2.2315 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2010-4384 | X |   |   |   |   |   | X |   |   | X |   |   | X |   |
| CVE-2010-4375 | X |   |   |   |   |   |   |   |   | X |   |   | X |   |
| CVE-2010-2997 | X | X |   |   |   |   |   |   |   | X |   |   | X |   |
| CVE-2010-2999 | X | X |   |   |   |   |   |   |   | X |   |   | X |   |
| CVE-2010-4397 | X | X | X |   |   |   |   |   |   | X |   |   | X |   |
| CVE-2010-4376 | X | X | X |   |   |   |   |   |   | X |   |   | X |   |
| CVE-2010-4377 | X | X | X | X | X |   |   |   |   | X | X |   | X |   |
| CVE-2010-4378 | X | X | X | X | X |   | X | X |   |   |   |   | X |   |
| CVE-2010-0121 | X | X | X | X | X |   |   |   |   | X | X |   | X |   |
| CVE-2010-2579 | X | X | X | X |   |   | X |   |   | X |   |   | X |   |
| CVE-2010-0125 | X | X | X | X |   |   | X |   |   | X | X |   |   |   |
| CVE-2010-4379 | X | X | X | X |   |   | X |   |   | X |   |   | X |   |
| CVE-2010-4380 | X | X | X | X |   |   | X |   |   |   |   |   |   |   |
| CVE-2010-4381 | X | X | X | X |   |   | X |   |   | X | X |   |   |   |
| CVE-2010-4382 | X | X | X | X |   |   | X |   |   |   |   |   | X |   |
| CVE-2010-4383 | X | X | X | X |   |   | X |   |   | X | X |   | X |   |
| CVE-2010-4385 | X | X | X | X |   |   | X |   |   |   |   |   | X |   |
| CVE-2010-4386 | X | X | X | X |   |   |   |   |   |   |   |   | X |   |
| CVE-2010-4387 | X | X | X | X |   |   |   |   |   | X | X |   | X |   |
| CVE-2010-4396 | X | X | X | X | X |   | X |   |   |   |   |   |   |   |
| CVE-2010-4388 | X | X | X | X | X |   | X | X |   |   |   |   |   |   |
| CVE-2010-4389 | X | X | X | X | X |   |   |   |   |   |   |   | X |   |
| CVE-2010-4390 | X | X | X | X | X |   |   |   |   |   |   |   | X |   |
| CVE-2010-4391 | X | X | X | X | X |   | X | X |   |   |   |   |   |   |
| CVE-2010-4392 | X | X | X | X | X |   | X | X |   |   |   |   | X |   |
| CVE-2010-4394 | X | X | X | X | X |   |   |   |   |   |   |   |   |   |
| CVE-2010-4395 | X | X | X | X | X |   |   |   |   |   |   |   | X |   |
CVE Descriptions
CVE-2010-4384
RealPlayer Malformed RealMedia Media Properties Header Uncontrolled Array Index Vulnerability
Affected software: Windows RealPlayer 11.1 and prior; RealPlayer Enterprise 2.1.2 and prior; Mac RealPlayer 11.0.1.949 and prior; Linux RealPlayer 11.0.2.1744 and prior.
Credit to anonymous researchers working with TippingPoint's Zero Day Initiative for reporting this issue.
CVE-2010-4375
RealPlayer Multi-Rate Audio Heap Overflow Vulnerability
Affected software: Windows RealPlayer 11.1 and prior; Mac RealPlayer 11.1.0.1116 and prior; Linux RealPlayer 11.0.2.1744 and prior.
Credit to anonymous researchers working with TippingPoint's Zero Day Initiative for reporting this issue.
CVE-2010-2997
RealPlayer SMIL File Format StreamTitle Heap Corruption Vulnerability
Affected software: Windows RealPlayer SP 1.0.1 and prior; Mac RealPlayer 11.1.0.1116 and prior; Linux RealPlayer 11.0.2.1744 and prior.
Credit to anonymous researchers working with TippingPoint's Zero Day Initiative for reporting this issue.
CVE-2010-2999
RealPlayer AAC MLLT Atom Parsing Integer Overflow Vulnerability
Affected software: Windows RealPlayer SP 1.0.1 and prior; Mac RealPlayer 11.1.0.1116 and prior; Linux RealPlayer 11.0.2.1744 and prior.
Credit to anonymous researchers working with TippingPoint's Zero Day Initiative for reporting this issue.
CVE-2010-4397
RealPlayer AAC TIT2 Atom Integer Overflow Vulnerability
Affected software: Windows RealPlayer SP 1.1.1 and prior; Mac RealPlayer 11.1.0.1116 and prior; Linux RealPlayer 11.0.2.1744 and prior.
Credit to anonymous researchers working with TippingPoint's Zero Day Initiative for reporting this issue.
CVE-2010-4376
RealPlayer RTSP GIF Parsing Heap Overflow Vulnerability
Affected software: Windows RealPlayer SP 1.1.1 and prior; Mac RealPlayer 11.1.0.1116 and prior; Linux RealPlayer 11.0.2.1744 and prior.
Credit to anonymous researchers working with TippingPoint's Zero Day Initiative for reporting this issue.
CVE-2010-4377
RealPlayer Cook Audio Codec Heap Corruption Vulnerability
Affected software: Windows RealPlayer SP 1.1.5 and prior; Mac RealPlayer 12.0.0.1444 and prior; Linux RealPlayer 11.0.2.1744 and prior.
Credit to anonymous researchers working with TippingPoint's Zero Day Initiative for reporting this issue.
CVE-2010-4378
RealPlayer RV20 Parsing Heap Corruption Vulnerability
Affected software: Windows RealPlayer SP 1.1.5 and prior; RealPlayer Enterprise 2.1.3 and prior; Linux RealPlayer 11.0.2.1744 and prior.
Credit to anonymous researchers working with TippingPoint's Zero Day Initiative for reporting this issue.
CVE-2010-0121
RealPlayer Error in Cook Codec Initialization Function
Affected software: Windows RealPlayer SP 1.1.5 and prior; Mac RealPlayer 12.0.0.1444 and prior; Linux RealPlayer 11.0.2.1744 and prior.
Credit to Alin Rad Pop, Secunia Research for reporting this issue.
CVE-2010-2579
RealPlayer Cook Codec Uninitialized Number of Channels Memory Access Vulnerability
Affected software: Windows RealPlayer SP 1.1.4 and prior; RealPlayer Enterprise 2.1.2 and prior; Mac RealPlayer 11.1 and prior; Linux RealPlayer 11.0.2.1744 and prior.
Credit to Alin Rad Pop, Secunia Research for reporting this issue.
CVE-2010-0125
RealPlayer AAC Spectral Data Parsing Vulnerability
Affected software: Windows RealPlayer SP 1.1.4 and prior; RealPlayer Enterprise 2.1.2 and prior; Mac RealPlayer 12.0.0.1444 and prior.
Credit to Carsten Eiram, Secunia Research for reporting this issue.
CVE-2010-4379
RealPlayer SIPR Heap Overflow Vulnerability
Affected software: Windows RealPlayer SP 1.1.4 and prior; RealPlayer Enterprise 2.1.2 and prior; Mac RealPlayer 11.1 and prior; Linux RealPlayer 11.0.2.1744 and prior.
Credit to Nicolas Joly of VUPEN Vulnerability Research Team.
CVE-2010-4380
RealPlayer SOUND Heap Overflow Vulnerability
Affected software: Windows RealPlayer SP 1.1.4 and prior; RealPlayer Enterprise 2.1.2 and prior.
Credit to Nicolas Joly of VUPEN Vulnerability Research Team.
CVE-2010-4381
RealPlayer AAC Heap Overflow Vulnerability
Affected software: Windows RealPlayer SP 1.1.4 and prior; RealPlayer Enterprise 2.1.2 and prior; Mac RealPlayer 12.0 and prior.
Credit to Nicolas Joly of VUPEN Vulnerability Research Team.
CVE-2010-4382
RealPlayer RealMedia Heap Overflow Vulnerabilities
Affected software: Windows RealPlayer SP 1.1.4 and prior; RealPlayer Enterprise 2.1.2 and prior; Linux RealPlayer 11.0.2.1744 and prior.
Credit to Chaouki Bekrar of VUPEN Vulnerability Research Team.
CVE-2010-4383
RealPlayer RA5 Heap Overflow Vulnerability #2
Affected software: Windows RealPlayer SP 1.1.4 and prior; RealPlayer Enterprise 2.1.2 and prior; Mac RealPlayer 11.1 and prior; Linux RealPlayer 11.0.2.1744 and prior.
Credit to Chaouki Bekrar of VUPEN Vulnerability Research Team.
CVE-2010-4385
RealPlayer SIPR Stream Frame Dimensions Integer Overflow Vulnerability
Affected software: Windows RealPlayer SP 1.1.4 and prior; RealPlayer Enterprise 2.1.2 and prior; Linux RealPlayer 11.0.2.1744 and prior.
Credit to Aaron Portnoy, Zef Cekaj and Logan Brown of TippingPoint DVLabs for reporting this issue.
CVE-2010-4386
RealPlayer RealMedia Memory Heap Corruption Vulnerability
Affected software: Windows RealPlayer SP 1.1.4 and prior; Linux RealPlayer 11.0.2.1744 and prior.
Credit to Omair, iDefense Labs for reporting this issue.
CVE-2010-4387
RealPlayer RealAudio Codec Memory Corruption Vulnerability
Affected software: Windows RealPlayer SP 1.1.4 and prior; Mac RealPlayer 12.0.0.1379 and prior; Linux RealPlayer 11.0.2.1744 and prior.
Credit to Omair, iDefense Labs for reporting this issue.
CVE-2010-4396
RealPlayer ActiveX HandleAction Method Cross-Zone Scripting Vulnerability
Affected software: Windows RealPlayer SP 1.1.5 and prior; RealPlayer Enterprise 2.1.2 and prior.
Credit to anonymous researchers working with TippingPoint's Zero Day Initiative for reporting this issue.
CVE-2010-4388
RealPlayer Local HTML Files Remote Code Execution Cross Domain Scripting Vulnerability
Affected software: Windows RealPlayer SP 1.1.5 and prior; RealPlayer Enterprise 2.1.3 and prior.
Credit to anonymous researchers working with TippingPoint's Zero Day Initiative for reporting this issue.
CVE-2010-4389
RealPlayer Cook Codec Initialization Buffer Index Heap Overflow Vulnerability
Affected software: Windows RealPlayer SP 1.1.5 and prior; Linux RealPlayer 11.0.2.1744 and prior.
Credit to Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.
CVE-2010-4390
RealPlayer IVR File Header Heap Overflow Vulnerabilities
Affected software: Windows RealPlayer SP 1.1.5 and prior; Linux RealPlayer 11.0.2.1744 and prior.
Credit to Aaron Portnoy and Logan Brown of TippingPoint DVLabs and Team lollersk8erz for reporting this issue.
CVE-2010-4391
RealPlayer RMX Header Heap Overflow Vulnerability
Affected software: Windows RealPlayer SP 1.1.5 and prior; RealPlayer Enterprise 2.1.3 and prior.
Credit to Sebastian Apelt (www.siberas.de) working with TippingPoint's Zero Day Initiative for reporting this issue.
CVE-2010-4392
RealPlayer ImageMap Heap Overflow Vulnerability
Affected software: Windows RealPlayer SP 1.1.5 and prior; RealPlayer Enterprise 2.1.3 and prior; Linux RealPlayer 11.0.2.1744 and prior.
Credit to Sebastian Apelt and Andreas Schmidt (www.siberas.de) working with TippingPoint's Zero Day Initiative for reporting this issue.
CVE-2010-4394
RealPlayer RealPix Server Header Heap Overflow Vulnerability
Affected software: Windows RealPlayer SP 1.1.5 and prior.
Credit to AbdulAziz Hariri working with TippingPoint's Zero Day Initiative for reporting this issue.
CVE-2010-4395
RealPlayer Advanced Audio Coding Heap Overflow Vulnerability
Affected software: Windows RealPlayer SP 1.1.5 and prior; Mac RealPlayer 11.1.0.1116 and prior; Linux RealPlayer 11.0.2.1744 and prior.
Credit to Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.
Warranty:
RealNetworks Inc. endeavors to provide you with the highest quality products and services,
but cannot guarantee, and does not warrant, that the operation of any
RealNetworks product will be error-free, uninterrupted or secure. Please see
your original license agreement for details of our limited warranty or warranty
disclaimer.