RHEL 4 : RealPlayer (RHSA-2005:265)

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

An updated RealPlayer package that fixes two buffer overflow issues is
now available.

This update has been rated as having critical security impact by the
Red Hat Security Response Team.

RealPlayer is a media player.

A stack based buffer overflow bug was found in RealPlayer's
Synchronized Multimedia Integration Language (SMIL) file processor. An
attacker could create a specially crafted SMIL file which would
execute arbitrary code when opened by a user. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2005-0455 to this issue.

A buffer overflow bug was found in the way RealPlayer decodes WAV
sound files. An attacker could create a specially crafted WAV file
which could execute arbitrary code when opened by a user. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2005-0611 to this issue.

All users of RealPlayer are advised to upgrade to this updated
package, which contains RealPlayer version 10.0.3 and is not
vulnerable to these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2005-0455.html
https://www.redhat.com/security/data/cve/CVE-2005-0611.html
http://service.real.com/help/faq/security/050224_player/EN/
http://rhn.redhat.com/errata/RHSA-2005-265.html

Solution :

Update the affected RealPlayer package.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
Public Exploit Available : true

Family: Red Hat Local Security Checks

Nessus Plugin ID: 17268 ()

Bugtraq ID:

CVE ID: CVE-2005-0455
CVE-2005-0611