RealPlayer < Multiple Remote Overflows

High Nessus Network Monitor Plugin ID 2666


The remote host is vulnerable to a buffer overflow.


The remote host has the RealPlayer software installed.

There are several flaws in the remote version of this software that might allow
an attacker to execute arbitrary code and delete arbitrary files on the remote

To exploit these flaws, an attacker would need to send a malformed SMIL or
WAV file to a user on the remote host and wait for the file to be opened in RealPlayer.


Upgrade to version or higher.

Plugin Details

Severity: High

ID: 2666

File Name: 2666.prm

Family: Web Clients

Published: 2005/03/02

Modified: 2016/01/19

Dependencies: 1735, 8314

Nessus ID: 17254

Risk Information

Risk Factor: High


CVSS v2

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3

Base Score: 8.1

Temporal Score: 7.1

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:realnetworks:realplayer

Exploitable With

Metasploit (RealNetworks RealPlayer SMIL Buffer Overflow)

Reference Information

CVE: CVE-2005-0611, CVE-2005-0455

BID: 12697, 12698