Synopsis
The remote host is running an application that is vulnerable to multiple attack vectors.
Description
The remote host is running RealPlayer, a multi-media application.
RealPlayer SP builds earlier than 12.0.0.879 are potentially affected by multiple vulnerabilities :
- A RealPlayer malformed 'IVR' pointer index code execution vulnerability exists. (CVE-2010-2996, CVE-2010-2998)
A RealPlayerActiveX unauthorized file access vulnerability exists. (CVE-2010-3002)
A RealPlayer 'QCP' file parsing integer overflow vulnerability exists. (CVE-2010-0116)
A vulnerability exists in the way RealPlayer processes the dimensions in the 'YUV420' transformation of 'MP4' content. (CVE-2010-0117)
A heap-based buffer overflow vulnerability exists in RealPlayer's 'QCP' parsing. (CVE-20010-0120)
A vulnerability exists in the ActiveX IE plugin relating to the opening of multiple browser windows. (CVE-2010-3001)
- An uninitialized pointer vulnerability exists in the CDDA URI ActiveX Control. (CVE-2010-3747) - A remote code execution vulnerability exists in RJMDSections. (CVE-210-3750) - A RealPlayer 'QCP' parsing heap-based buffer overflow vulnerability exists. (CVE-2010-2578)
- A remote code execution issue exists in multiple protocol handlers for the RealPlayer ActiveX control. (CVE-2010-3751)
- A stack overflow vulnerability exists in the RichFX component. (CVE-2010-3748)
- A paramenter injection vulnerability exists in the RecordClip browser extension. (CVE-2010-3749)
Solution
Upgrade to RealPlayer SP 1.1.5 or later.
Plugin Details
Nessus ID: 48907
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:F/RL:U/RC:X
Vulnerability Information
CPE: cpe:/a:realnetworks:realplayer
Patch Publication Date: 8/26/2010
Vulnerability Publication Date: 8/26/2010
Exploitable With
CANVAS (D2ExploitPack)
Metasploit (RealNetworks RealPlayer CDDA URI Initialization Vulnerability)
Reference Information
CVE: CVE-2010-0116, CVE-2010-0117, CVE-2010-0120, CVE-2010-2578, CVE-2010-2996, CVE-2010-2998, CVE-2010-3000, CVE-2010-3001, CVE-2010-3002, CVE-2010-3747, CVE-2010-3748, CVE-2010-3749, CVE-2010-3750, CVE-2010-3751
BID: 42775, 44144, 44423, 44440, 44441, 44442, 44443, 44444, 44451