FreeBSD : realplayer -- remote heap overflow (c73305ae-8cd7-11d9-9873-000a95bc6fae)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Two exploits have been identified in the Linux RealPlayer client.
RealNetworks states :

RealNetworks, Inc. has addressed recently discovered security
vulnerabilities that offered the potential for an attacker to run
arbitrary or malicious code on a customer's machine. RealNetworks has
received no reports of machines compromised as a result of the
now-remedied vulnerabilities. RealNetworks takes all security
vulnerabilities very seriously.

The specific exploits were :

- Exploit 1: To fashion a malicious WAV file to cause a buffer
overflow which could have allowed an attacker to execute arbitrary
code on a customer's machine.

- Exploit 2: To fashion a malicious SMIL file to cause a buffer
overflow which could have allowed an attacker to execute arbitrary
code on a customer's machine.

See also :

http://marc.info/?l=vulnwatch&m=110977858619314
http://service.real.com/help/faq/security/050224_player/EN/
http://www.nessus.org/u?5f08e3b8

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 19116 (freebsd_pkg_c73305ae8cd711d99873000a95bc6fae.nasl)

Bugtraq ID:

CVE ID: CVE-2005-0611
