Check Point Advisories

RealNetworks RealPlayer CDDA URI Uninitialized Pointer Code Execution - Ver2 (CVE-2010-3747)

Vulnerability
Protection

Check Point Reference:	CPAI-2014-0085
Date Published:	7 Jan 2014
Severity:	Critical
Last Updated:	Tuesday 07 January, 2014
Source:
Industry Reference:	CVE-2010-3747
Protection Provided by:	Security Gateway R77, R76, R75
Who is Vulnerable?
Vulnerability Description	RealPlayer is a media player application developed by RealNetworks Inc. This application is capable of playing back numerous multimedia file formats and can open media files from local file system or network servers. A remote code execution vulnerability has been reported in RealNetworks RealPlayer ActiveX control. The vulnerability is due to access to uninitialized memory during processing of CDDA URIs. A remote attacker may leverage this issue by enticing a target user to open a crafted web file. Successful exploitation of this vulnerability would allow an attacker to execute arbitrary code in the security context of the logged in user, and may cause an abnormal termination of the affected product.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability

In order for the protection to be activated,
update your Security Gateway product to the latest IPS update.
For information on how to update IPS, go to

SBP-2006-05,
Protection tab and select the version of your choice.

Security Gateway R77 / R76 / R75 / R71 / R70

In the IPS tab, click Protections and find the RealNetworks RealPlayer CDDA URI Uninitialized Pointer Code Execution - Ver2 protection using the Search tool and Edit the protection's settings.
Install policy on all modules.

SmartView Tracker will log the following entries:

Attack Name: HTTP Protocol Inspection.
Attack Information: RealNetworks RealPlayer CDDA URI Uninitialized Pointer Code Execution - Ver2