RealPlayer for Windows < 15.0.4.53 Multiple Vulnerabilities

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

A multimedia application on the remote Windows host is affected by
multiple vulnerabilities.

Description :

According to its build number, the installed version of RealPlayer on
the remote Windows host is earlier than 15.0.4.53. As such, it is
affected by multiple vulnerabilities :

- A memory corruption error exists related to the
handling of 'MP4' files. (CVE-2012-1904)

- An unspecified error exists related to the parsing of
'RealMedia ASMRuleBook' files that can lead to remote
arbitrary code execution. (CVE-2012-2406)

- A buffer overflow exists related to the parsing of
'RealJukebox Media' content. (CVE-2012-2411)

See also :

http://www.nessus.org/u?a70d3491
http://service.real.com/realplayer/security/05152012_player/en/

Solution :

Upgrade to RealPlayer 15.0.4.53 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.4
(CVSS2#E:POC/RL:U/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 59173 ()

Bugtraq ID: 52706
53555

CVE ID: CVE-2012-1904
CVE-2012-2406
CVE-2012-2411

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now