This host is installed with RealPlayer which is prone to multiple vulnerabilities.

Successful exploitation allows remote attackers to execute arbitrary code or cause a denial of service.

Upgrade to RealPlayer 14.0.1.609 (Build 12.0.1.609) or later, For updates refer to http://www.real.com/player

The multiple flaws are due to, - An use-after-free error allows remote attackers to execute arbitrary code or cause a denial of service via a crafted StreamTitle tag in an ICY SHOUTcast stream, related to the SMIL file format. - An integer overflow errror allows remote attackers to execute arbitrary code or cause a denial of service via a malformed MLLT atom in an AAC file. - An array index error allows remote attackers to execute arbitrary code via malformed sample data in a RealMedia .IVR file.

RealPlayer SP 1.0 to 1.0.1 (12.x) RealNetworks RealPlayer SP 11.0 to 11.1 on Windows platform.

• http://secunia.com/advisories/38550/
• http://service.real.com/realplayer/security/10152010_player/en/
• http://service.real.com/realplayer/security/12102010_player/en/

---

Updated on 2015-03-25