Update Protection against RealNetworks RealPlayer CDDA URI Uninitialized Pointer Code Execution Vulnerability
| Check Point Reference: | CPAI-2010-416 | |
| Date Published: | ||
| Severity: | ||
| Source: | Secunia Advisory: SA41743 | |
| Industry Reference(s): | CVE-2010-3747 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? RealNetworks Realplayer 11.0 - 11.1 RealNetworks Realplayer SP 1.0 - 1.1.4 | ||
| Vulnerability Description A remote code execution vulnerability has been reported in RealNetworks RealPlayer ActiveX control. RealPlayer is a media player application developed by RealNetworks Inc. This application is capable of playing back numerous multimedia file formats and can open media files from local file system or network servers. A remote attacker may exploit this vulnerability to execute arbitrary code on a vulnerable system. |
||
|
Update/Patch Available The vendor, RealNetworks, has released an advisory addressing this vulnerability. |
|
|
Vulnerability Details The vulnerability is due to access to uninitialized memory during processing of CDDA URIs. A remote attacker may leverage this issue by enticing a target user to open a crafted web file. Successful exploitation of this vulnerability would allow an attacker to execute arbitrary code in the security context of the logged in user, and may cause an abnormal termination of the affected product. |
Protection Overview
This protection will detect and block attempts to exploit this vulnerability.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choiceץ
To configure the defense, select your product from the list below and follow the related protection steps.