FreeBSD : realplayer -- remote heap overflow (c73305ae-8cd7-11d9-9873-000a95bc6fae)
Medium Nessus Plugin ID 19116
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
Two exploits have been identified in the Linux RealPlayer client.
RealNetworks states:
RealNetworks, Inc. has addressed recently discovered security vulnerabilities that offered the potential for an attacker to run arbitrary or malicious code on a customer's machine. RealNetworks has received no reports of machines compromised as a result of the now-remedied vulnerabilities. RealNetworks takes all security vulnerabilities very seriously.
The specific exploits were:
- Exploit 1: To fashion a malicious WAV file to cause a buffer overflow which could have allowed an attacker to execute arbitrary code on a customer's machine.
- Exploit 2: To fashion a malicious SMIL file to cause a buffer overflow which could have allowed an attacker to execute arbitrary code on a customer's machine.
Solution
Update the affected package.