RealNetworks has released updated version of their RealPlayer. New version contains fixes to seven vulnerabilities:
CVE-2010-2996
RealPlayer malformed IVR pointer index code execution vulnerability.
Affected software: Windows RealPlayer 11.1 and prior.
CVE-2010-3002
RealPlayerActiveX unauthorized file access vulnerability.
Affected software: Windows RealPlayer 11.1 and prior.
CVE-2010-0116
RealPlayer QCP files parsing integer overflow vulnerability.
Affected software: Windows RealPlayer SP 1.1.4 and prior.
CVE-2010-0117
RealPlayer processing of dimensions in the YUV420 transformation of MP4 content vulnerability.
Affected software: Windows RealPlayer SP 1.1.4 and prior.
CVE-2010-0120
RealPlayer QCP parsing heap-based buffer overflow vulnerability.
Affected software: Windows RealPlayer SP 1.1.4 and prior.
CVE-2010-3001
RealPlayer ActiveX IE Plugin vulnerability opening multiple browser windows.
Affected software: Windows RealPlayer SP 1.1.4 and prior.
CVE-2010-3000
RealPlayer FLV parsing multiple integer overflow vulnerability.
Affected software: Windows RealPlayer SP 1.1.4 and prior.
Users of affected versions are advised to update their RealPlayer to the latest one available. More information can be read from related security advisory.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment