Real Networks RealPlayer < 15.0.2.72 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 6311

Synopsis

The remote host is running an application that is vulnerable to multiple attack vectors.

Description

The remote host is running RealPlayer, a multi-media application.

RealPlayer versions earlier than 15.0.2.72 are potentially affected by the following issues :

- A remote code execution vulnerability exists related to rvrender RMFF Flags. (CVE-2012-0922)

- A remote code execution vulnerability exists related to the RV20 Frame Size Array. (CVE-2012-0923)

- A remote code execution vulnerability exists relating to VIDOBJ_START_CODE. (CVE-2012-0924)

- A remote code execution vulnerability exists relating to RV40. (CVE-2012-0925)

- A remote code execution vulnerability exists relating to RV10 Encoded Height/Width. (CVE-2012-0926)

- A remote code execution vulnerability exists relating to RealAudio coded_frame_size. (CVE-2012-0927)

- A remote code execution vulnerability exists relating to Attrac Sample Decoding. (CVE-2012-0928)

Solution

Upgrade to RealPlayer 15.0.2.72 or later.

See Also

http://service.real.com/realplayer/security/02062012_player/en

Plugin Details

Severity: High

ID: 6311

Family: Web Clients

Published: 2012/02/08

Modified: 2018/09/16

Dependencies: 1735, 8314

Nessus ID: 57863

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:realnetworks:realplayer

Patch Publication Date: 2012/02/06

Vulnerability Publication Date: 2012/02/06

Reference Information

CVE: CVE-2012-0922, CVE-2012-0923, CVE-2012-0924, CVE-2012-0925, CVE-2012-0926, CVE-2012-0927, CVE-2012-0928

BID: 51883, 51884, 51885, 51887, 51888, 51889