Signature Detail

HTTP: RealPlayer FLV Memory Corruption

This signature detects attempts to exploit a known vulnerability against RealPlayer FLV decoder. A successful attack can lead to arbitrary code execution.

Extended Description

Real Networks RealPlayer & RealPlayer SP are prone to multiple security vulnerabilities, including remote code-execution issues, an unauthorized access issue, a potential denial-of-service issue, and an unspecified issue. Successful exploits will allow remote attackers to execute arbitrary code within the context of the affected application, cause denial-of-service conditions, or access files without proper authorization. Other attacks may also be possible. RealPlayer 11.1 and RealPlayer SP 1.1.4 and prior are vulnerable.

Affected Products

• Real Networks RealPlayer 11
• Real Networks RealPlayer 11.0.1
• Real Networks RealPlayer 11.0.2
• Real Networks RealPlayer 11.0.3
• Real Networks RealPlayer 11.0.4
• Real Networks RealPlayer 11.0.5
• Real Networks RealPlayer 11.1
• Real Networks RealPlayer 11 Beta
• Real Networks RealPlayer 11 Build 6.0.14.748
• Real Networks RealPlayer 11 Beta 6.0.14.550
• Real Networks RealPlayer SP 1.0.0
• Real Networks RealPlayer SP 1.0.1
• Real Networks RealPlayer SP 1.0.2
• Real Networks RealPlayer SP 1.0.5
• Real Networks RealPlayer SP 1.1.4

References

• BugTraq: 42775
• CVE: CVE-2010-0116
• CVE: CVE-2010-0117
• CVE: CVE-2010-0120
• CVE: CVE-2010-2996
• CVE: CVE-2010-3000
• CVE: CVE-2010-3001
• CVE: CVE-2010-3002
• URL: http://service.real.com/realplayer/security/08262010_player/en/
• URL: http://www.zerodayinitiative.com/advisories/ZDI-10-166/
• URL: http://www.zerodayinitiative.com/advisories/ZDI-10-167
• URL: http://www.realnetworks.com/
• URL: http://secunia.com/secunia_research/2010-8/
• URL: http://secunia.com/secunia_research/2010-3/
• URL: http://secunia.com/secunia_research/2010-5/