Summary
This host is installed with RealPlayer which is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attacker to execute arbitrary codes within the context of the application.
Solution
Upgrade to RealPlayer SP version 1.1.5,
For updates refer to http://www.real.com/player
Insight
The multiple flaws are due to,
- Array index error in the player, which allows attackers to execute arbitrary code via a malformed header in a RealMedia '.IVR' file.
- Unspecified errors in the player, which allows attackers to bypass intended access restrictions on files via unknown vectors.
Affected
RealNetworks RealPlayer 11.0 to 11.1 on Windows platform.
References
Severity
Classification
-
CVE CVE-2010-2996, CVE-2010-3002 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Flash Player 9.0.115.0 and earlier vulnerability (Lin)
- Adobe Air Remote Code Execution Vulnerability -June13 (Mac OS X)
- Adobe Air Code Execution and DoS Vulnerabilities (Windows)
- Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Windows)
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Windows)