RealPlayer for Windows < 15.0.6.14 Multiple Vulnerabilities

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

A multimedia application on the remote Windows host is affected by
multiple vulnerabilities.

Description :

According to its build number, the installed version of RealPlayer on
the remote Windows host is earlier than 15.0.6.14. As such, it is
affected by multiple vulnerabilities :

- A buffer overflow error exists related to 'AAC'
handling, specifically unpacking of the stream data.
(CVE-2012-2407)

- A heap-corruption error exists related to the 'AAC
SDK' decoding. (CVE-2012-2408)

- Two unspecified buffer overflow errors exist related to
'RealMedia'. (CVE-2012-2409, CVE-2012-2410)

- A divide-by-zero error exists related to 'RealAudio'
and codec frame size. (CVE-2012-3234)

See also :

http://service.real.com/realplayer/security/09072012_player/en/

Solution :

Upgrade to RealPlayer 15.0.6.14 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 62065 ()

Bugtraq ID: 55473

CVE ID: CVE-2012-2407
CVE-2012-2408
CVE-2012-2409
CVE-2012-2410
CVE-2012-3234

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now