RealNetworks, Inc. Releases Update to Address Security Vulnerabilities.

Updated December 10, 2010


 

RealNetworks is making available product upgrades that contain security bug fixes. We have received no reports of any machines actually being compromised as a result of the now-remedied vulnerabilities.

RealNetworks always recommends upgrading your product to the most current version available to avoid security vulnerabilities. 



 

Current Software
The current versions of our Player software are not affected by these vulnerabilities.

| Software | Affected? | Operating System | Language |
| --- | --- | --- | --- |
| RealPlayer 14.0.1 | No | Windows XP, Vista, Win7 | All Supported |
| Mac RealPlayer 12.0.0.1548 | No | Mac OS X 10.3 – 10.6 | All Supported |
| RealPlayer Enterprise 2.1.4 | No | Windows XP, Vista, Win7 | English |
| Linux RealPlayer 11.0.2.2315 | No | Linux | English |

 

Affected Software
The table below contains a summary of which previous and current versions of the RealPlayer software are susceptible to these vulnerabilities. The columns and cells in green are the versions of each product where the issue has been resolved.

 

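| CVE Number | RealPlayer 11.0 – 11.1 | RealPlayer SP 1.0 – 1.0.1 | RealPlayer SP 1.0.2 – 1.1.1 | RealPlayer SP 1.1.2 – 1.1.4 | RealPlayer SP 1.1.5 | RealPlayer 14.0.0 | RealPlayer Enterprise 2.1.2 | RealPlayer Enterprise 2.1.3 | RealPlayer Enterprise 2.1.4 | Mac RealPlayer 11.0 – 11.1 | Mac RealPlayer 12.0.0.1444 | Mac RealPlayer 12.0.0.1548 | Linux RealPlayer 11.0.2.1744 | Linux RealPlayer 11.0.2.2315 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2010-4384 | X |  |  |  |  |  | X |  |  | X |  |  | X |  |
| CVE-2010-4375 | X |  |  |  |  |  |  |  |  | X |  |  | X |  |
| CVE-2010-2997 | X | X |  |  |  |  |  |  |  | X |  |  | X |  |
| CVE-2010-2999 | X | X |  |  |  |  |  |  |  | X |  |  | X |  |
| CVE-2010-4397 | X | X | X |  |  |  |  |  |  | X |  |  | X |  |
| CVE-2010-4376 | X | X | X |  |  |  |  |  |  | X |  |  | X |  |
| CVE-2010-4377 | X | X | X | X | X |  |  |  |  | X | X |  | X |  |
| CVE-2010-4378 | X | X | X | X | X |  | X | X |  |  |  |  | X |  |
| CVE-2010-0121 | X | X | X | X | X |  |  |  |  | X | X |  | X |  |
| CVE-2010-2579 | X | X | X | X |  |  | X |  |  | X |  |  | X |  |
| CVE-2010-0125 | X | X | X | X |  |  | X |  |  | X | X |  |  |  |
| CVE-2010-4379 | X | X | X | X |  |  | X |  |  | X |  |  | X |  |
| CVE-2010-4380 | X | X | X | X |  |  | X |  |  |  |  |  |  |  |
| CVE-2010-4381 | X | X | X | X |  |  | X |  |  | X | X |  |  |  |
| CVE-2010-4382 | X | X | X | X |  |  | X |  |  |  |  |  | X |  |
| CVE-2010-4383 | X | X | X | X |  |  | X |  |  | X | X |  | X |  |
| CVE-2010-4385 | X | X | X | X |  |  | X |  |  |  |  |  | X |  |
| CVE-2010-4386 | X | X | X | X |  |  |  |  |  |  |  |  | X |  |
| CVE-2010-4387 | X | X | X | X |  |  |  |  |  | X | X |  | X |  |
| CVE-2010-4396 | X | X | X | X | X |  | X |  |  |  |  |  |  |  |
| CVE-2010-4388 | X | X | X | X | X |  | X | X |  |  |  |  |  |  |
| CVE-2010-4389 | X | X | X | X | X |  |  |  |  |  |  |  | X |  |
| CVE-2010-4390 | X | X | X | X | X |  |  |  |  |  |  |  | X |  |
| CVE-2010-4391 | X | X | X | X | X |  | X | X |  |  |  |  |  |  |
| CVE-2010-4392 | X | X | X | X | X |  | X | X |  |  |  |  | X |  |
| CVE-2010-4394 | X | X | X | X | X |  |  |  |  |  |  |  |  |  |
| CVE-2010-4395 | X | X | X | X | X |  |  |  |  |  |  |  | X |  |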

CVE Descriptions

 

CVE-2010-4384

RealPlayer Malformed RealMedia Media Properties Header Uncontrolled Array Index Vulnerability

Affected software: Windows RealPlayer 11.1 and prior; RealPlayer Enterprise 2.1.2 and prior; Mac RealPlayer 11.0.1.949 and prior; Linux RealPlayer 11.0.2.1744 and prior.

Credit to anonymous researchers working with TippingPoint's Zero Day Initiative for reporting this issue.

 

CVE-2010-4375

RealPlayer Multi-Rate Audio Heap Overflow Vulnerability

Affected software: Windows RealPlayer 11.1 and prior; Mac RealPlayer 11.1.0.1116 and prior; Linux RealPlayer 11.0.2.1744 and prior.

Credit to anonymous researchers working with TippingPoint's Zero Day Initiative for reporting this issue.

 

CVE-2010-2997

RealPlayer SMIL File Format StreamTitle Heap Corruption Vulnerability

Affected software: Windows RealPlayer SP 1.0.1 and prior; Mac RealPlayer 11.1.0.1116 and prior; Linux RealPlayer 11.0.2.1744 and prior.

Credit to anonymous researchers working with TippingPoint's Zero Day Initiative for reporting this issue.

 

CVE-2010-2999

RealPlayer AAC MLLT Atom Parsing Integer Overflow Vulnerability

Affected software: Windows RealPlayer SP 1.0.1 and prior; Mac RealPlayer 11.1.0.1116 and prior; Linux RealPlayer 11.0.2.1744 and prior

Credit to anonymous researchers working with TippingPoint's Zero Day Initiative for reporting this issue.

 

CVE-2010-4397

RealPlayer AAC TIT2 Atom Integer Overflow Vulnerability

Affected software: Windows RealPlayer SP 1.1.1 and prior; Mac RealPlayer 11.1.0.1116 and prior; Linux RealPlayer 11.0.2.1744 and prior

Credit to anonymous researchers working with TippingPoint's Zero Day Initiative for reporting this issue.

 

CVE-2010-4376        

RealPlayer RTSP GIF Parsing Heap Overflow Vulnerability

Affected software: Windows RealPlayer SP 1.1.1 and prior; Mac RealPlayer 11.1.0.1116 and prior; Linux RealPlayer 11.0.2.1744 and prior

Credit to anonymous researchers working with TippingPoint's Zero Day Initiative for reporting this issue.

 

CVE-2010-4377

RealPlayer Cook Audio Codec Heap Corruption Vulnerability

Affected software: Windows RealPlayer SP 1.1.5 and prior; Mac RealPlayer 12.0.0.1444 and prior; Linux RealPlayer 11.0.2.1744 and prior

Credit to anonymous researchers working with TippingPoint's Zero Day Initiative for reporting this issue.

 

CVE-2010-4378

RealPlayer RV20 Parsing Heap Corruption Vulnerability

Affected software: Windows RealPlayer SP 1.1.5 and prior; RealPlayer Enterprise 2.1.3 and prior; Linux RealPlayer 11.0.2.1744 and prior

Credit to anonymous researchers working with TippingPoint's Zero Day Initiative for reporting this issue.

 

CVE-2010-0121

RealPlayer Error in Cook Codec Initialization Function

Affected software: Windows RealPlayer SP 1.1.5 and prior; Mac RealPlayer 12.0.0.1444 and prior; Linux RealPlayer 11.0.2.1744 and prior

Credit to Alin Rad Pop, Secunia Research for reporting this issue.

 

CVE-2010-2579

RealPlayer Cook Codec Uninitialized Number of Channels Memory Access Vulnerability

Affected software: Windows RealPlayer SP 1.1.4 and prior; RealPlayer Enterprise 2.1.2 and prior; Mac RealPlayer 11.1 and prior; Linux RealPlayer 11.0.2.1744 and prior

Credit to Alin Rad Pop, Secunia Research for reporting this issue.

 

CVE-2010-0125

RealPlayer AAC Spectral Data Parsing Vulnerability

Affected software: Windows RealPlayer SP 1.1.4 and prior; RealPlayer Enterprise 2.1.2 and prior; Mac RealPlayer 12.0.0.1444 and prior

Credit to Carsten Eiram, Secunia Research for reporting this issue.

 

CVE-2010-4379

RealPlayer SIPR Heap Overflow Vulnerability

Affected software: Windows RealPlayer SP 1.1.4 and prior; RealPlayer Enterprise 2.1.2 and prior; Mac RealPlayer 11.1 and prior; Linux RealPlayer 11.0.2.1744 and prior.

Credit to Nicolas Joly of VUPEN Vulnerability Research Team

 

CVE-2010-4380

RealPlayer SOUND Heap Overflow Vulnerability

Affected software: Windows RealPlayer SP 1.1.4 and prior; RealPlayer Enterprise 2.1.2 and prior.

Credit to Nicolas Joly of VUPEN Vulnerability Research Team

 

CVE-2010-4381

RealPlayer AAC Heap Overflow Vulnerability

Affected software: Windows RealPlayer SP 1.1.4 and prior; RealPlayer Enterprise 2.1.2 and prior; Mac RealPlayer 12.0 and prior.

Credit to Nicolas Joly of VUPEN Vulnerability Research Team

 

CVE-2010-4382

RealPlayer RealMedia Heap Overflow Vulnerabilities

Affected software: Windows RealPlayer SP 1.1.4 and prior; RealPlayer Enterprise 2.1.2 and prior; Linux RealPlayer 11.0.2.1744 and prior.

Credit to Chaouki Bekrar of VUPEN Vulnerability Research Team

 

CVE-2010-4383

RealPlayer RA5 Heap Overflow Vulnerability #2

Affected software: Windows RealPlayer SP 1.1.4 and prior; RealPlayer Enterprise 2.1.2 and prior; Mac RealPlayer 11.1 and prior; Linux RealPlayer 11.0.2.1744 and prior.

Credit to Chaouki Bekrar of VUPEN Vulnerability Research Team

 

CVE-2010-4385        

RealPlayer SIPR Stream Frame Dimensions Integer Overflow Vulnerability

Affected software: Windows RealPlayer SP 1.1.4 and prior; RealPlayer Enterprise 2.1.2 and prior; Linux RealPlayer 11.0.2.1744 and prior

Credit to Aaron Portnoy, Zef Cekaj and Logan Brown of TippingPoint DVLabs for reporting this issue.

 

CVE-2010-4386

RealPlayer RealMedia Memory Heap Corruption Vulnerability

Affected software: Windows RealPlayer SP 1.1.4 and prior; Linux RealPlayer 11.0.2.1744 and prior

Credit to Omair, iDefense Labs for reporting this issue.

 

CVE-2010-4387        

RealPlayer RealAudio Codec Memory Corruption Vulnerability

Affected software: Windows RealPlayer SP 1.1.4 and prior; Mac RealPlayer 12.0.0.1379 and prior; Linux RealPlayer 11.0.2.1744 and prior

Credit to Omair, iDefense Labs for reporting this issue.

 

CVE-2010-4396

RealPlayer ActiveX HandleAction Method Cross-Zone Scripting Vulnerability

Affected software: Windows RealPlayer SP 1.1.5 and prior; RealPlayer Enterprise 2.1.2 and prior

Credit to anonymous researchers working with TippingPoint's Zero Day Initiative for reporting this issue.

 

CVE-2010-4388

RealPlayer Local HTML Files Remote Code Execution Cross Domain Scripting Vulnerability

Affected software: Windows RealPlayer SP 1.1.5 and prior; RealPlayer Enterprise 2.1.3 and prior

Credit to anonymous researchers working with TippingPoint's Zero Day Initiative for reporting this issue.

 

CVE-2010-4389

RealPlayer Cook Codec Initialization Buffer Index Heap Overflow Vulnerability

Affected software: Windows RealPlayer SP 1.1.5 and prior; Linux RealPlayer 11.0.2.1744 and prior

Credit to Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.

 

CVE-2010-4390

RealPlayer IVR File Header Heap Overflow Vulnerabilities

Affected software: Windows RealPlayer SP 1.1.5 and prior; Linux RealPlayer 11.0.2.1744 and prior

Credit to Aaron Portnoy and Logan Brown of TippingPoint DVLabs and Team lollersk8erz for reporting this issue.

 

CVE-2010-4391

RealPlayer RMX Header Heap Overflow Vulnerability

Affected software: Windows RealPlayer SP 1.1.5 and prior; RealPlayer Enterprise 2.1.3 and prior

Credit to Sebastian Apelt (www.siberas.de) working with TippingPoint's Zero Day Initiative for reporting this issue.

 

CVE-2010-4392

RealPlayer ImageMap Heap Overflow Vulnerability

Affected software: Windows RealPlayer SP 1.1.5 and prior; RealPlayer Enterprise 2.1.3 and prior; Linux RealPlayer 11.0.2.1744 and prior

Credit to Sebastian Apelt and Andreas Schmidt (www.siberas.de) working with TippingPoint's Zero Day Initiative for reporting this issue.

 

CVE-2010-4394

RealPlayer RealPix Server Header Heap Overflow Vulnerability

Affected software: Windows RealPlayer SP 1.1.5 and prior

Credit to AbdulAziz Hariri working with TippingPoint's Zero Day Initiative for reporting this issue.

 

CVE-2010-4395

RealPlayer Advanced Audio Coding Heap Overflow Vulnerability

Affected software: Windows RealPlayer SP 1.1.5 and prior; Mac RealPlayer 11.1.0.1116 and prior; Linux RealPlayer 11.0.2.1744 and prior

Credit to Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.

 

 

 

Warranty:

RealNetworks Inc. endeavors to provide you with the highest quality products and services, but cannot guarantee, and does not warrant, that the operation of any RealNetworks product will be error-free, uninterrupted or secure. Please see your original license agreement for details of our limited warranty or warranty disclaimer.