RealPlayer 18.1.5.x < (Win) RCE

High Nessus Network Monitor Plugin ID 700137


The remote host is running a version of the RealPlayer multimedia application that may be vulnerable to a Remote Code Execution (RCE) attack vector.


Versions of RealPlayer 18.1.5.x prior to on Windows are potentially affected by a flaw that is triggered when loading certain dynamic-link libraries. The program searches for specific files or libraries using an insecure path that includes the current working directory, which may be untrusted or outside the user's control. By placing a specially crafted library in that path, a local attacker can inject and execute arbitrary code with the privileges of the user running the program.


Windows users should upgrade to RealPlayer or later.

Plugin Details

Severity: High

ID: 700137

File Name: 700137.prm

Family: Web Clients

Published: 2017/06/16

Modified: 2017/06/16

Dependencies: 1735, 8314

Risk Information

Risk Factor: High


CVSS v2

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C


CVSS v3

Base Score: 8.4

Temporal Score: 8


Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:realnetworks:realplayer

Patch Publication Date: 2016/12/20

Vulnerability Publication Date: 2016/12/20

Reference Information

CVE: CVE-2016-9930

OSVDB: 149332