RealPlayer for Windows < Build 18.104.22.1686 / 22.214.171.1245 Multiple Vulnerabilities
High Nessus Plugin ID 33744
The remote Windows application is affected by at least one security vulnerability.
According to its build number, the installed version of RealPlayer / on the remote Windows host suffers from possibly several issues : - Heap memory corruption issues in several ActiveX controls can lead to arbitrary code execution. (CVE-2008-1309) - An unspecified local resource reference vulnerability. (CVE-2008-3064) - An SWF file heap-based buffer overflow. (CVE-2007-5400) - A buffer overflow involving the 'import()' method in an ActiveX control implemented by the 'rjbdll.dll' module could result in arbitrary code execution. (CVE-2008-3066) Note that RealPlayer 11 (builds 126.96.36.1998 - 188.8.131.522) are only affected by the first issue (CVE-2008-1309).
Upgrade to RealPlayer 11.0.3 (build 184.108.40.2066) / RealPlayer 10.5 (build 220.127.116.115) or later. Note that the vendor's advisory states that build numbers for RealPlayer 10.5 are not sequential.