RealPlayer ActiveX (ierpplug.dll) Playlist Handling Buffer Overflow
High Nessus Plugin ID 27522
SynopsisThe remote Windows host contains an application that is affected by a buffer overflow vulnerability.
DescriptionThe version of RealPlayer installed on the remote Windows host contains signedness error in its 'MPAMedia.dll' library that can be exploited via an ActiveX control when handling playlist names to cause a stack-based buffer overflow. A remote attacker may be able to exploit this issue to execute arbitrary code subject to the user's privileges on the affected host.
SolutionUpgrade to RealPlayer 10.5 / 11 beta and apply the patch referenced in the vendor advisory above.