This host is installed with RealPlayer which is prone to multiple vulnerabilities.

Successful exploitation will let the attacker execute arbitrary codes within the context of the application and can cause heap overflow or allow remote code execution.

Upgrade to RealPlayer SP version 1.1.5, For updates refer to http://www.real.com/player

The multiple flaws are due to, - An error in the handling of dimensions during 'YUV420' transformations, which allows attackers to execute arbitrary code via crafted MP4 content. - An integer overflow error in the handling of crafted QCP file. - A heap-based buffer overflow when handling large size values in 'QCP' audio content. - An integer overflows in the 'ParseKnownType()' function, which allows attackers to execute arbitrary code via crafted 'HX_FLV_META_AMF_TYPE_MIXEDARRAY' or 'HX_FLV_META_AMF_TYPE_ARRAY' data in an FLV file. - An unspecified error in an ActiveX control in the Internet Explorer (IE) plugin, has unknown impact and attack vectors related to 'multiple browser windows.'

RealPlayer SP 1.0 to 1.1.4 (12.x) RealNetworks RealPlayer SP 11.0 to 11.1 on Windows platform.

• http://secunia.com/secunia_research/2010-5/
• http://service.real.com/realplayer/security/08262010_player/en/

---

Updated on 2015-03-25