icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Real Networks RealPlayer < 14.0.2.633 (Build 12.0.1.633) Multiple Remote Code Execution Vulnerabilities

High

Synopsis

The remote host is running an application that is vulnerable to multiple attack vectors.

Description

The remote host is running RealPlayer, a multi-media application.

RealPlayer builds earlier than 12.0.1.633 are potentially affected by multiple code execution vulnerabilities : - A heap corruption vulnerability when handling specially crafted AVI headers. (CVE-2010-4393)

- A flaw exists in the temporary file naming scheme used for storage which can be combined with the OpenURLinPlayerBrowser function to execute arbitrary code. (CVE-2011-0694)

Solution

Upgrade to RealPlayer 14.0.2.633 (Build 12.0.1.633) or later.