Check Point Advisories

RealNetworks RealPlayer CDDA URI Uninitialized Pointer Code Execution (CVE-2010-3747)

Vulnerability
Protection

Check Point Reference:	CPAI-2010-416
Date Published:	28 Oct 2010
Severity:	Critical
Last Updated:	Tuesday 09 January, 2018
Source:	Rapid7
Industry Reference:	CVE-2010-3747
Protection Provided by:	Security Gateway R81, R80, R77, R75
Who is Vulnerable?	RealPlayer 11/11.1 RealPlayer SP 1.0 - 1.1.4.
Vulnerability Description	RealPlayer is a media player application developed by RealNetworks Inc. This application is capable of playing back numerous multimedia file formats and can open media files from local file system or network servers. A remote code execution vulnerability has been reported in RealNetworks RealPlayer ActiveX control. The vulnerability is due to access to uninitialized memory during processing of CDDA URIs. A remote attacker may leverage this issue by enticing a target user to open a crafted web file. Successful exploitation of this vulnerability would allow an attacker to execute arbitrary code in the security context of the logged in user, and may cause an abnormal termination of the affected product.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

In the IPS tab, click Protections and find the RealNetworks RealPlayer CDDA URI Uninitialized Pointer Code Execution protection using the Search tool and Edit the protection's settings.
Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name: Media Player Enforcement Violation.
Attack Information: RealNetworks RealPlayer CDDA URI Uninitialized Pointer Code Execution