Real Networks RealPlayer < 188.8.131.527 (Build 184.108.40.2067) Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 5886
SynopsisThe remote host is running an application that is vulnerable to multiple attack vectors.
DescriptionThe remote host is running RealPlayer, a multi-media application.
RealPlayer builds earlier than 220.127.116.117 are potentially affected by multiple code execution vulnerabilities :
- An error exists in the function 'OpenURLInDefaultBrowser' which mishandles certain file types and can allow arbitrary code execution via crafted RealPlayer audio or settings (RNX) files. (CVE-2011-1426)
- A heap based buffer overflow vulnerability exists and can be exploited when RealPlayer is processing certain Internet Video Recording (IVR) files. (CVE-2011-1525)
SolutionUpgrade to RealPlayer 18.104.22.1687 (Build 22.214.171.1247) or later.