Summary
This host is installed with RealPlayer which is prone to multiple vulnerabilities
Impact
Successful exploitation allows remote attackers to execute arbitrary code or cause a denial of service.
Impact Level: System/Application
Solution
Upgrade to RealPlayer version 12.0.0.1701 or later, For updates refer to http://www.real.com/player
Insight
Multiple flaws are due to,
- Improper handling of DEFINEFONT fields in SWF files which allows remote attackers to execute arbitrary code via a crafted file.
- A buffer overflow error which allows remote attackers to execute arbitrary code via a crafted raw_data_frame field in an AAC file.
Affected
RealPlayer version 12.0.0.1569 and prior on Mac OS X
References
Severity
Classification
-
CVE CVE-2011-2948, CVE-2011-2951 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Mac OS X)
- Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Windows
- 7T Interactive Graphical SCADA System Multiple Security Vulnerabilities
- Adobe Acrobat Multiple Vulnerabilities-01 Sep14 (Windows)
- Adobe AIR Multiple Vulnerabilities(APSB14-24)-(Mac OS X)