This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.
The remote Windows application is affected by multiple
According to its build number, the installed version of RealPlayer on
the remote Windows host has multiple buffer overflow vulnerabilities :
- A RealPlayer malformed 'IVR' pointer index code
execution vulnerability exists.
- A RealPlayerActiveX unauthorized file access
vulnerability exists. (CVE-2010-3002)
- A RealPlayer 'QCP' file parsing integer overflow
vulnerability exists. (CVE-2010-0116)
- A vulnerability exists in the way RealPlayer processes
the dimensions in the 'YUV420' transformation of 'MP4'
- A heap-based buffer overflow vulnerability exists in
RealPlayer's 'QCP' parsing. (CVE-2010-0120)
- A vulnerability exists in the ActiveX IE plugin relating
to the opening of multiple browser windows.
- Multiple integer overflow vulnerabilities exist in
RealPlayer's 'FLV' parsing. (CVE-2010-3000)
- An uninitialized pointer vulnerability exists in the
CDDA URI ActiveX Control. (CVE-2010-3747)
- A remote code execution vulnerability exists in
- A RealPlayer 'QCP' parsing heap-based buffer overflow
vulnerability exists. (CVE-2010-2578)
- A remote code execution issue exists in multiple
protocol handlers for the RealPlayer ActiveX control.
- A stack overflow vulnerability exists in the RichFX
- A parameter injection vulnerability exists in the
RecordClip browser extension. (CVE-2010-3749)
See also :
Upgrade to RealPlayer SP 1.1.5 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true
Nessus Plugin ID: 48907 ()
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now