Impact: System Access,Locally Exploitable,Remotely Exploitable
Affected Software: RealPlayer SP 1.x
Description: Multiple vulnerabilities have been reported in RealPlayer, where one has an unknown impact and others can be exploited by malicious people to compromise a user's system.
1) An integer overflow error in the parsing of QCP files can be exploited to cause a heap-based buffer overflow via a specially crafted file.
2) An error in the processing of dimensions in the YUV420 transformation of content can be exploited to corrupt memory via a specially crafted file.
3) A boundary error in the parsing of QCP audio content can be exploited to cause a heap-based buffer via specially crafted files containing certain overly large size values.
4) Two integer overflow errors in the "ParseKnownType()" function when handling the "HX_FLV_META_AMF_TYPE_MIXEDARRAY" and "HX_FLV_META_AMF_TYPE_ARRAY" data types can be exploited to corrupt memory via specially crafted FLV files.
5) An unspecified error exists in the RealPlayer ActiveX IE Plugin when opening multiple browser windows.
The vulnerabilities are reported in version 1.1.4 and prior.
Note: 1) Alin Rad Pop, Secunia Research.
2, 3) Carsten Eiram, Secunia Research.
4) Sebastian Apelt, siberas via ZDI.
5) The vendor credits Steve Manzuik, Microsoft Vulnerability Research (MSVR).
Update to RealPlayer SP version 1.1.5.
Feedback: If you have additional information or corrections for this security advisory please contact us at advisory(at)triviasecurity.org