Real Networks RealPlayer < (Build Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 5886


The remote host is running an application that is vulnerable to multiple attack vectors.


The remote host is running RealPlayer, a multi-media application.

RealPlayer builds earlier than are potentially affected by multiple code execution vulnerabilities :

- An error exists in the function 'OpenURLInDefaultBrowser' which mishandles certain file types and can allow arbitrary code execution via crafted RealPlayer audio or settings (RNX) files. (CVE-2011-1426)

- A heap based buffer overflow vulnerability exists and can be exploited when RealPlayer is processing certain Internet Video Recording (IVR) files. (CVE-2011-1525)


Upgrade to RealPlayer (Build or later.

See Also

Plugin Details

Severity: High

ID: 5886

Family: Web Clients

Published: 2011/04/14

Modified: 2016/01/30

Dependencies: 1735, 8314

Nessus ID: 53409

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C


Base Score: 9.8

Temporal Score: 9.4


Temporal Vector: CVSS3#E:ND/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:realnetworks:realplayer

Patch Publication Date: 2011/04/12

Vulnerability Publication Date: 2011/03/21

Reference Information

CVE: CVE-2011-1426, CVE-2011-1525

BID: 46946, 47335