Severity: : Critical
  CVE Kennungen: : CVE-2010-4393
  Advisory Date: 21 de июля de 2015

  DESCRIPTION

Heap-based buffer overflow in vidplin.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.x before 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted header in an AVI file.

  INFORMATION EXPOSURE

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1004614
  Trend Micro Deep Security DPI Rule Name: 1004614 - Real Networks RealPlayer '.AVI' File Parsing Buffer Overflow

  AFFECTED SOFTWARE AND VERSION:

  • realnetworks realplayer 11.0
  • realnetworks realplayer 11.1
  • realnetworks realplayer 14.0.0
  • realnetworks realplayer 14.0.1
  • realnetworks realplayer_sp 1.0.0
  • realnetworks realplayer_sp 1.0.1
  • realnetworks realplayer_sp 1.0.2
  • realnetworks realplayer_sp 1.0.5
  • realnetworks realplayer_sp 1.1
  • realnetworks realplayer_sp 1.1.1
  • realnetworks realplayer_sp 1.1.2
  • realnetworks realplayer_sp 1.1.3
  • realnetworks realplayer_sp 1.1.4
  • realnetworks realplayer_sp 1.1.5