Rhapsody vidplin.dll AVI Processing Heap Overflow Vulnerability

High Nessus Plugin ID 18560


The remote Windows host contains a multimedia player that is prone to a buffer overflow attack.


The remote installation of Rhapsody has a heap overflow in the 'vidplin.dll' file used to process AVI files. With a specially- crafted AVI file, an attacker can exploit this flaw to cause arbitrary code to be run within the context of the affected application when a user opens the file.


Upgrade according to the vendor advisory referenced above.

See Also




Plugin Details

Severity: High

ID: 18560

File Name: rhapsody_realtext_parsing_overflow.nasl

Version: $Revision: 1.15 $

Type: local

Agent: windows

Family: Windows

Published: 2005/06/24

Modified: 2016/11/02

Dependencies: 18559

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:U/RC:C

Vulnerability Information

Required KB Items: SMB/Rhapsody/Version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2005/06/23

Vulnerability Publication Date: 2005/06/23

Reference Information

CVE: CVE-2005-2052

BID: 13530

OSVDB: 17576