Monday, October 18, 2010

Security Updates For RealPlayer

RealNetworks has released updated version of their RealPlayer. New version contains fixes to seven vulnerabilities:

CVE-2010-2998
RealPlayer Malformed IVR Pointer Index Code Execution Vulnerability
Affected software: Windows RealPlayer SP 1.0.1 and prior.

CVE-2010-3747
RealPlayer ActiveX Control CDDA URI Uninitialized Pointer Vulnerability
Affected software: Windows RealPlayer SP 1.1.4 and prior; RealPlayer Enterprise 2.1.2 and prior.

CVE-2010-3750
RealPlayer RJMDSections Remote Code Execution Vulnerability
Affected software: Windows RealPlayer SP 1.1.4 and prior; RealPlayer Enterprise 2.1.2 and prior.

CVE-2010-2578
RealPlayer QCP parsing heap-based buffer overflow vulnerability.
Affected software: Windows RealPlayer SP 1.1.4 and prior; RealPlayer Enterprise 2.1.2 and prior.

CVE-2010-3751
RealPlayer ActiveX Control Multiple Protocol Handlers Remote Code Execution Vulnerability
Affected software: Windows RealPlayer SP 1.1.4 and prior.

CVE-2010-3748
RealPlayer RichFX Component Stack Overflow Vulnerability
Affected software: Windows RealPlayer SP 1.1.4 and prior; RealPlayer Enterprise 2.1.2 and prior.

CVE-2010-3749
RealPlayer Browser Extension RecordClip Parameter Injection Vulnerability
Affected software: Windows RealPlayer SP 1.1 and prior.


Users of affected versions are advised to update their RealPlayer to the latest one available. More information can be read from related security advisory.

No comments: