Secunia Security Advisory - Some vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a vulnerable system.
TITLE:
RealPlayer Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA38218
VERIFY ADVISORY:
http://secunia.com/advisories/38218/
DESCRIPTION:
Some vulnerabilities have been reported in RealPlayer, which can be
exploited by malicious people to compromise a vulnerable system.
1) An unspecified error related to the RealPlayer ASM Rulebook can be
exploited to cause a heap-based buffer overflow.
2) An unspecified error when processing GIF images can be exploited
to cause a heap-based buffer overflow.
3) A vulnerability is caused due to an unspecified error related to
HTTP chunk encoding.
4) An unspecified error within the RealPlayer SIPR codec can be
exploited to cause a heap-based buffer overflow.
5) An unspecified error when processing compressed GIF images can be
exploited to cause a heap-based buffer overflow.
6) An unspecified error within the RealPlayer SMIL parsing can be
exploited to cause a heap-based buffer overflow.
7) An unspecified error within the RealPlayer skin parsing can be
exploited to cause a stack-based buffer overflow.
8) An unspecified error related to the RealPlayer ASM RuleBook can be
exploited to cause an "array overflow".
9) An unspecified boundary error related to RealPlayer RTSP
"set_parameter" can be exploited to cause a buffer overflow.
10) Two vulnerabilities are caused due to errors within the
processing of Internet Video Recording (IVR) files.
For more information:
SA33810
The following products are affected by one or all vulnerabilities
(see vendor's advisory for details):
* RealPlayer SP 1.0.0 and 1.0.1
* RealPlayer 11 11.0.5 and higher
* RealPlayer 11 11.0.0, 11.0.1 - 11.0.4
* RealPlayer 10.5 6.0.12.1675, 6.0.12.1040-6.0.12.1663, 6.0.12.1698,
6.0.12.1741
* RealPlayer 10
* RealPlayer Enterprise
* Mac RealPlayer 10, 10.1, 11.0, 11.0.1
* Helix Player 10.*, 11.0.0, 11.0.1
* Linux RealPlayer 10, 11.0.0, 11.0.1
SOLUTION:
Update to the latest version. Please see the vendor's advisory for
details.
http://service.real.com/realplayer/security/01192010_player/en/
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
* Evgeny Legerov
* anonymous persons working with iDEFENSE Labs
* John Rambo and anonymous researchers working with TippingPoint's
Zero Day Initiative
ORIGINAL ADVISORY:
http://service.real.com/realplayer/security/01192010_player/en/
OTHER REFERENCES:
SA33810:
http://secunia.com/advisories/33810/