Vulnerability CVE-2012-0926 - CERT Civis.Net

Vulnerability Name:

CVE-2012-0926 (CCN-73022)

Assigned:

2012-02-06

Published:

2012-02-06

Updated:

2012-02-25

Summary:

The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary code via a crafted RV10 RealVideo video stream.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2012-0926

Source: CCN
Type: SA47896
RealPlayer Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
47896

Source: CCN
Type: RealNetworks November 2011 Update
RealNetworks, Inc. Releases Update to Address Security Vulnerabilities.

Source: CONFIRM
Type: Vendor Advisory
http://service.real.com/realplayer/security/02062012_player/en/

Source: CCN
Type: OSVDB ID: 78915
RealPlayer rv10.dll RV10 Encoded Content Height / Width Value Handling Remote Code Execution

Source: CCN
Type: BID-51888
Real Networks RealPlayer CVE-2012-0926 Remote Code Execution Vulnerability

Source: XF
Type: UNKNOWN
realplayer-rv10-code-execution(73022)

Source: CCN
Type: ZDI-12-084
RealNetworks RealPlayer RV10 Encoded Height/Width Remote Code Execution Vulnerability

Vulnerable Configuration:

Configuration 1:

cpe:/a:realnetworks:realplayer:14.0.0:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:14.0.1:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:14.0.1.609:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:14.0.1.633:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:14.0.2:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:14.0.3:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:14.0.4:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:14.0.5:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:14.0.6:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:14.0.7:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:11.0.2.1744:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:11.0.2.2315:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:11.1.3:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:11_build_6.0.14.748:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:realnetworks:realplayer:15.0.0:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer:15.0.1.13:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer_sp:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer_sp:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer_sp:1.1:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer_sp:1.1.1:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer_sp:1.1.2:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer_sp:1.1.3:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer_sp:1.1.4:*:*:*:*:*:*:*

OR cpe:/a:realnetworks:realplayer_sp:1.1.5:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:realnetworks:realplayer:15.0.1.13:*:*:*:*:*:*:*

Denotes that component is vulnerable