This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.
The remote Windows host has an ActiveX control that is affected by
heap memory corruption vulnerabilities.
The remote host contains the Real Player ActiveX control, included
with the RealPlayer media player, used to play content in a
The version of this control installed on the remote host reportedly
contains a buffer overflow that can be leveraged by calls to various
methods, such as 'Console', to modify heap blocks after they are freed
and overwrite certain registers. If an attacker can trick a user on
the affected host into visiting a specially crafted web page, he may
be able to use this method to execute arbitrary code on the affected
system subject to the user's privileges.
See also :
Upgrade to RealPlayer 11.0.3 (build 184.108.40.2066) / RealPlayer 10.5
(build 220.127.116.115) or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : true