Summary
This host is installed with RealPlayer which is prone to denial of service vulnerability.
Impact
Successful exploitation may allow remote attackers to execute arbitrary code, cause buffer overflow or cause the application to crash, creating a denial of service condition.
Impact Level: system/Application
Solution
Upgrade to RealPlayer version 15.0.4.53 or later,
For updates refer to http://www.real.com/player
Insight
The flaws are due to
- An error the in 'mp4fformat.dll' in the QuickTime File Format plugin. This can be exploited to cause a crash by sending a crafted MP4 file.
- An error within the parsing of RealMedia ASMRuleBook.
- An error within the RealJukebox Media parser, which allows to cause a buffer overflow.
Affected
RealPlayer versions before 15.0.4.53
RealPlayer SP versions 1.0 through 1.1.5 on Windows
References
- http://en.securitylab.ru/nvd/422383.php
- http://packetstormsecurity.org/files/111162/RealPlayer-1.1.4-Memory-Corruption.html
- http://secunia.com/advisories/49193
- http://service.real.com/realplayer/security/05152012_player/en/
- http://xforce.iss.net/xforce/xfdb/74316
- http://xforce.iss.net/xforce/xfdb/75647
- http://xforce.iss.net/xforce/xfdb/75648
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-1904, CVE-2012-2406, CVE-2012-2411 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities