Scientific Linux Security Update : HelixPlayer on SL4.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.

Synopsis :

The remote Scientific Linux host is missing one or more security

Description :

Multiple security flaws were discovered in RealPlayer. Helix Player
and RealPlayer share a common source code base; therefore, some of the
flaws discovered in RealPlayer may also affect Helix Player. Some of
these flaws could, when opening, viewing, or playing a malicious media
file or stream, lead to arbitrary code execution with the privileges
of the user running Helix Player. (CVE-2010-2997, CVE-2010-4375,
CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383,
CVE-2010-4384, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392)

Our removal packages have nothing in them but a README, so the
HelixPlayer program will be removed from your SL 4 machine, but you
will still have a package called HelixPlayer.

Note: Just to be clear. You will still have a package called
HelixPlayer on your machine, but there will not be any program in it.
It will be an empty rpm.

See also :

Solution :

Update the affected HelixPlayer and / or HelixPlayer-uninstall

Risk factor :

High / CVSS Base Score : 9.3

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60923 ()

Bugtraq ID:

CVE ID: CVE-2010-2997

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now