RealPlayer for Windows < Build 220.127.116.116 / 18.104.22.1685 Multiple Vulnerabilities
High Nessus Plugin ID 33744
The remote Windows application is affected by at least one security vulnerability.
According to its build number, the installed version of RealPlayer / on the remote Windows host suffers from possibly several issues : - Heap memory corruption issues in several ActiveX controls can lead to arbitrary code execution. (CVE-2008-1309) - An unspecified local resource reference vulnerability. (CVE-2008-3064) - An SWF file heap-based buffer overflow. (CVE-2007-5400) - A buffer overflow involving the 'import()' method in an ActiveX control implemented by the 'rjbdll.dll' module could result in arbitrary code execution. (CVE-2008-3066) Note that RealPlayer 11 (builds 22.214.171.1248 - 126.96.36.1992) are only affected by the first issue (CVE-2008-1309).
Upgrade to RealPlayer 11.0.3 (build 188.8.131.526) / RealPlayer 10.5 (build 184.108.40.2065) or later. Note that the vendor's advisory states that build numbers for RealPlayer 10.5 are not sequential.