RealPlayer for Windows < Build Multiple Vulnerabilities

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.

Synopsis :

A multimedia application on the remote Windows host is affected by
multiple vulnerabilities.

Description :

According to its build number, the installed version of RealPlayer on
the remote Windows host is affected by multiple vulnerabilities :

- The OpenURLInDefaultBrowser() method will open and
execute the first parameter based on the operating
system's default handler for the filetype and is
accessible through RealPlayer's internal browser, which
in turn can be reached using a specially crafted
RealPlayer audio or settings (RNX) file. (CVE-2011-1426)

- A heap-based buffer overflow vulnerability can be
triggered when processing a malformed Internet Video
Recording (IVR) file. (CVE-2011-1525)

See also :

Solution :

Upgrade to RealPlayer (Build or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.4
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 53409 ()

Bugtraq ID: 46946

CVE ID: CVE-2011-1426

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now