RealNetworks RealPlayer Multiple Vulnerabilities (Windows) Network Vulnerability

Summary

This host is installed with RealPlayer which is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow attacker to execute arbitrary codes within the context of the application.

Solution

Upgrade to RealPlayer SP version 1.1.5, For updates refer to http://www.real.com/player

Insight

The multiple flaws are due to, - Array index error in the player, which allows attackers to execute arbitrary code via a malformed header in a RealMedia '.IVR' file. - Unspecified errors in the player, which allows attackers to bypass intended access restrictions on files via unknown vectors.

Affected

RealNetworks RealPlayer 11.0 to 11.1 on Windows platform.

References

http://service.real.com/realplayer/security/08262010_player/en/
http://xforce.iss.net/xforce/xfdb/61424
http://xforce.iss.net/xforce/xfdb/61426

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2996, CVE-2010-3002
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Flash Player 9.0.115.0 and earlier vulnerability (Lin)
Adobe Air Remote Code Execution Vulnerability -June13 (Mac OS X)
Adobe Air Code Execution and DoS Vulnerabilities (Windows)
Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Windows)
Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Windows)

Take action and discover your vulnerabilities