Real Networks RealPlayer < 15.0.4.53 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 6488

Synopsis

The remote host is running an application that is vulnerable to multiple attack vectors.

Description

The remote host is running RealPlayer, a multi-media application.

RealPlayer builds earlier than 15.0.4.53 are potentially affected by multiple vulnerabilities :

- A memory corruption error exists related to the handling of 'MP4' files. (CVE-2012-1904)

- An unspecified error exists related to the parsing of 'RealMedia ASMRuleBook' files that can lead to remote arbitrary code execution. (CVE-2012-2406)

- A buffer overflow exists related to the parsing of 'RealJukebox Media' content. (CVE-2012-2411)

Solution

Upgrade to RealPlayer 15.0.4.53 or later.

See Also

http://www.nessus.org/u?a70d3491

http://service.real.com/realplayer/security/05152012_player/en

Plugin Details

Severity: High

ID: 6488

File Name: 6488.prm

Family: Web Clients

Published: 2012/05/17

Modified: 2016/01/19

Dependencies: 1735, 8314

Nessus ID: 59173

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:realnetworks:realplayer

Patch Publication Date: 2012/05/15

Vulnerability Publication Date: 2012/03/24

Reference Information

CVE: CVE-2012-1904, CVE-2012-2406, CVE-2012-2411

BID: 53555

OSVDB: 80529