This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.
An application on the remote Windows host is affected by multiple
According to its build number, the installed version of RealPlayer on
the remote Windows host is affected by multiple vulnerabilities:
- An error in the 'Cook' codec initialization function
and can be used to access uninitialized memory.
- Freed pointer access in the handling of the 'Stream
Title' tag in a SHOUTcast stream using the ICY protocol.
- An integer overflow error exists when handling a
malformed 'MLLT atom' in an AAC file. (CVE-2010-2999)
- Heap-based buffer overflow when handling of multi-rate
audio streams. (CVE-2010-4375)
- Heap-based buffer overflow when parsing GIF87a files
with large 'Screen Width' values in the 'Screen
Descriptor' header over RTSP. (CVE-2010-4376)
- Heap-based buffer overflow when parsing of 'Cook' codec
information in a Real Audio file with many subbands.
- Memory corruption in parsing of a 'RV20' video stream.
- Heap-based buffer overflow when parsing 'AAC', 'IVR',
'RealMedia', 'RA5', 'RealPix', 'SIPR' and 'SOUND' files.
(CVE-2010-0125, CVE-2010-4379, CVE-2010-4380,
CVE-2010-4381, CVE-2010-4382, CVE-2010-4383,
CVE-2010-4384, CVE-2010-4386, CVE-2010-4387,
CVE-2010-4390, CVE-2010-4391, CVE-2010-4392)
- Integer overflow in the handling of frame dimensions in
a 'SIPR' stream. (CVE-2010-4385)
- An input validation error in the 'pnen3260.dll' module
can allow arbitrary code execution via a crafted 'TIT2
atom' in an AAC file. (CVE-2010-4397)
- Heap-based buffer overflow in the 'Cook' codec handling
functions. (CVE-2010-2579, CVE-2010-4389)
- Heap-based buffer overflow in the decoding portion of
the 'Advanced Audio Coding' compression implementation.
- Cross-site scripting in ActiveX control and several
HTML files. (CVE-2010-4396, CVE-2010-4388)
See also :
Upgrade to RealPlayer 18.104.22.1689 (Build 22.214.171.1249) or later.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.4
Public Exploit Available : false
Nessus Plugin ID: 50612 ()
CVE ID: CVE-2010-0121
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now