RealPlayer for Windows < 126.96.36.1996 / 188.8.131.525 Multiple Vulnerabilities
Medium Nessus Network Monitor Plugin ID 4608
The remote Windows application is affected by at least one security vulnerability.
According to its version number, the installed version of RealPlayer / RealPlayer Enterprise on the remote Windows host suffers from possibly several issues : - Heap memory corruption issues in several ActiveX controls can lead to arbitrary code execution (CVE-2008-1309). - An unspecified local resource reference vulnerability (CVE-2008-3064). - An SWF file heap-based buffer overflow (CVE-2007-5400). - A buffer overflow involving the 'import()' method in an ActiveX control implemented by the 'rjbdll.dll' module could result in arbitrary code execution (CVE-2008-3066). Note that RealPlayer 11 (builds 184.108.40.2068 - 220.127.116.112) are only affected by the first issue (CVE-2008-1309). Note that the vendor's advisory states that version numbers for RealPlayer 10.5 are not sequential.
Upgrade to RealPlayer 11.0.3 (build 18.104.22.1686) / RealPlayer 10.5 (build 22.214.171.1245) or higher.