RealPlayer Multiple Remote Overflows

This script is Copyright (C) 2004-2011 Tenable Network Security, Inc.


Synopsis :

The remote Windows application is affected by several remote
overflows.

Description :

According to its build number, the installed version of RealPlayer on
the remote host is vulnerable to several overflows. In exploiting
these flaws, an attacker would need to be able to coerce a local user
into visiting a malicious URL or downloading a malicious media file
which, on execution, would execute code with the privileges of the
local user.

See also :

http://www.securityfocus.com/archive/1/365709/2004-06-07/2004-06-13/0
http://www.nessus.org/u?4a2e2a79
http://service.real.com/help/faq/security/040610_player/EN/
http://www.eeye.com/html/research/upcoming/20040811.html

Solution :

Install the updates as outlined in the vendor advisory.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.9
(CVSS2#E:U/RL:U/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 14278 ()

Bugtraq ID: 10527
10528
10934

CVE ID: CVE-2004-0550

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now