Summary
This host is installed with RealPlayer which is prone to multiple vulnerabilities.
Impact
Successful exploitation will let the attacker execute arbitrary codes within the context of the application and can cause heap overflow or cause denial of service.
Impact Level: Application
Solution
Upgrade to RealPlayer version 15.0.0 or later
For updates refer to http://www.real.com/player
Insight
Multiple flaws are due to,
- Unspecified errors in RV20, RV10, RV30, ATRC and AAC codec, allows attackers to execute arbitrary code via unspecified vectors.
- An unspecified error related to RealVideo rendering, related to MP4 video dimensions can be exploited to corrupt memory.
- An unspecified error exists when parsing of QCELP streams, MP4 headers, MP4 files and the channel within the Cook codec and MLTI chunk length within IVR files.
- An unspecified error exists related to sample size when parsing RealAudio files.
- An unspecified error exists when handling RTSP SETUP requests.
Affected
RealPlayer versions prior to 15.0.0
References
Severity
Classification
-
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- 3S CoDeSys CmpWebServer Multiple Vulnerabilities
- Adobe Air Multiple Vulnerabilities - December12 (Mac OS X)
- Active Perl Locale::Maketext Module Multiple Code Injection Vulnerabilities (Windows)
- Adobe Acrobat and Reader 'printSeps()' Function Heap Corruption Vulnerability
- Adobe Air Code Execution and DoS Vulnerabilities (Windows)