FreeBSD : linux-realplayer -- multiple vulnerabilities (f762ccbb-baed-11dc-a302-000102cc8983)

This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Secunia reports :

Multiple vulnerabilities have been reported in
RealPlayer/RealOne/HelixPlayer, which can be exploited by malicious
people to compromise a user's system.

An input validation error when processing .RA/.RAM files can be
exploited to cause a heap corruption via a specially crafted .RA/.RAM
file with an overly large size field in the header.

An error in the processing of .PLS files can be exploited to cause a
memory corruption and execute arbitrary code via a specially crafted
.PLS file.

An input validation error when parsing .SWF files can be exploited to
cause a buffer overflow via a specially crafted .SWF file with
malformed record headers.

A boundary error when processing rm files can be exploited to cause a
buffer overflow.

See also :

http://service.real.com/realplayer/security/10252007_player/en/
http://www.zerodayinitiative.com/advisories/ZDI-07-063.html
http://www.zerodayinitiative.com/advisories/ZDI-07-062.html
http://www.zerodayinitiative.com/advisories/ZDI-07-061.html
http://www.nessus.org/u?21866adf

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 29866 (freebsd_pkg_f762ccbbbaed11dca302000102cc8983.nasl)

Bugtraq ID:

CVE ID: CVE-2007-2263
CVE-2007-2264
CVE-2007-3410
CVE-2007-5081
