RealPlayer for Windows < Build Multiple Vulnerabilities

High Nessus Plugin ID 21140


The remote Windows application is affected by several issues.


According to its build number, the installed version of RealPlayer / RealOne Player / RealPlayer Enterprise on the remote Windows host suffers from one or more buffer overflows involving maliciously- crafted SWF and MBC files as well as web pages. In addition, it also may be affected by a local privilege escalation issue.


Upgrade according to the vendor advisory referenced above.

See Also

Plugin Details

Severity: High

ID: 21140

File Name: realplayer_6_0_12_1483.nasl

Version: $Revision: 1.18 $

Type: local

Agent: windows

Family: Windows

Published: 2006/03/24

Modified: 2011/09/12

Dependencies: 20183

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:realnetworks:realplayer

Required KB Items: SMB/RealPlayer/Product, SMB/RealPlayer/Build

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2006/03/16

Vulnerability Publication Date: 2005/11/15

Reference Information

CVE: CVE-2005-2922, CVE-2005-2936, CVE-2006-0323, CVE-2006-1370

BID: 15448, 17202

OSVDB: 21010, 24061, 24062, 24063

CWE: 119