RealPlayer Skin File Remote Buffer Overflow
High Nessus Plugin ID 15789
SynopsisThe remote Windows application is affected by a remote buffer overflow.
DescriptionAccording to its build number, the installed version of RealPlayer / RealOne Player for Windows may allow an attacker to execute arbitrary code on the remote host, with the privileges of the user running RealPlayer because of an overflow vulnerability in the third-party compression library 'DUNZIP32.DLL'.
To do so, an attacker would need to send a corrupted skin file (.RJS) to a remote user and have him open it using RealPlayer.
SolutionUpgrade according to the vendor advisory referenced above.