Rhapsody vidplin.dll AVI Processing Heap Overflow Vulnerability

This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a multimedia player that is prone to
a buffer overflow attack.

Description :

The remote installation of Rhapsody has a heap overflow in the
'vidplin.dll' file used to process AVI files. With a specially
crafted AVI file, an attacker can exploit this flaw to cause arbitrary
code to be run within the context of the affected application when a
user opens the file.

See also :

http://research.eeye.com/html/advisories/published/AD20050623.html
http://seclists.org/bugtraq/2005/Jun/201
http://service.real.com/help/faq/security/050623_player/EN/

Solution :

Upgrade according to the vendor advisory referenced above.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.9
(CVSS2#E:U/RL:U/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 18560

Bugtraq ID: 13530

CVE ID: CVE-2005-2052
