RealPlayer for Windows < 15.0.2.71 Multiple Vulnerabilities

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

A multimedia application on the remote Windows host is affected by
multiple vulnerabilities.

Description :

According to its build number, the installed version of RealPlayer on
the remote Windows host is earlier than 15.0.2.71. As such, it is
affected by multiple vulnerabilities :

- Errors exist related to 'rvrender RMFF' flags, 'RV20'
frame size arrays, 'VIDOBJ_START_CODE', 'RV40', 'RV10',
'coded_frame_size' and 'Atrac' sample decoding and can
result in remote, arbitrary code execution.
(CVE-2012-0922, CVE-2012-0923, CVE-2012-0924,
CVE-2012-0925, CVE-2012-0926, CVE-2012-0927,
CVE-2012-0928)

See also :

http://zerodayinitiative.com/advisories/ZDI-12-048/
http://zerodayinitiative.com/advisories/ZDI-12-049/
http://zerodayinitiative.com/advisories/ZDI-12-084/
http://zerodayinitiative.com/advisories/ZDI-12-086/
http://zerodayinitiative.com/advisories/ZDI-12-183/
http://zerodayinitiative.com/advisories/ZDI-12-187/
http://zerodayinitiative.com/advisories/ZDI-12-195/
http://seclists.org/fulldisclosure/2012/Jun/72
http://seclists.org/fulldisclosure/2012/Jun/74
http://seclists.org/fulldisclosure/2012/Nov/109
http://seclists.org/fulldisclosure/2012/Nov/134
http://service.real.com/realplayer/security/02062012_player/en/

Solution :

Upgrade to RealPlayer 15.0.2.71 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now