FreeBSD : linux-realplayer -- heap overflow (fe4c84fc-bdb5-11da-b7d4-00123ffe8333)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

iDefense Reports :

Remote exploitation of a heap-based buffer overflow in RealNetworks
Inc.'s RealPlayer could allow the execution of arbitrary code in the
context of the currently logged-in user.

In order to exploit this vulnerability, an attacker would need to
entice a user to follow a link to a malicious server. Once the user
visits a website under the control of an attacker, it is possible in a
default install of RealPlayer to force a web-browser to use RealPlayer
to connect to an arbitrary server, even when it is not the default
application for handling those types, by the use of embedded object
tags in a webpage. This may allow automated exploitation when the page
is viewed.

See also :

http://service.real.com/realplayer/security/03162006_player/en/
http://www.nessus.org/u?c3617439
http://www.nessus.org/u?c9af88b8

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21544 (freebsd_pkg_fe4c84fcbdb511dab7d400123ffe8333.nasl)

Bugtraq ID:

CVE ID: CVE-2005-2922
