Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0923

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2012-0923
Last Modified 24 Feb 2012 11:21:15
Published 08 Feb 2012 10:55:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-0923

Summary

The RV20 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle the frame size array, which allows remote attackers to execute arbitrary code via a crafted RV20 RealVideo video stream.

Vulnerable Systems

Application

  • Realnetworks Realplayer 11 Build 6.0.14.748

  • Realnetworks Realplayer 11.0

  • Realnetworks Realplayer 11.0.1

  • Realnetworks Realplayer 11.0.2

  • Realnetworks Realplayer 11.0.2.1744

  • Realnetworks Realplayer 11.0.2.2315

  • Realnetworks Realplayer 11.0.3

  • Realnetworks Realplayer 11.0.4

  • Realnetworks Realplayer 11.0.5

  • Realnetworks Realplayer 11.1

  • Realnetworks Realplayer 11.1.3

  • Realnetworks Realplayer 14.0.0

  • Realnetworks Realplayer 14.0.1

  • Realnetworks Realplayer 14.0.1.609

  • Realnetworks Realplayer 14.0.1.633

  • Realnetworks Realplayer 14.0.2

  • Realnetworks Realplayer 14.0.3

  • Realnetworks Realplayer 14.0.4

  • Realnetworks Realplayer 14.0.5

  • Realnetworks Realplayer 14.0.6

  • Realnetworks Realplayer 14.0.7

  • Realnetworks Realplayer 15.0.0

  • Realnetworks Realplayer 15.0.1.13

  • Realnetworks Realplayer Sp 1.0.0

  • Realnetworks Realplayer Sp 1.0.1

  • Realnetworks Realplayer Sp 1.0.2

  • Realnetworks Realplayer Sp 1.0.5

  • Realnetworks Realplayer Sp 1.1

  • Realnetworks Realplayer Sp 1.1.1

  • Realnetworks Realplayer Sp 1.1.2

  • Realnetworks Realplayer Sp 1.1.3

  • Realnetworks Realplayer Sp 1.1.4

  • Realnetworks Realplayer Sp 1.1.5


References

CONFIRM - http://service.real.com/realplayer/security/02062012_player/en/

BID - 51884

SECUNIA - 47896

OSVDB - 78912

Related Patches

RealPlayer (English) 15 (15.0.2.72) for Windows (Update)


Last Updated: 27 May 2016 10:58:12