RealPlayer 18.1.5.x < 188.8.131.524 (Win) RCE
High Nessus Network Monitor Plugin ID 700137
SynopsisThe remote host is running a version of RealPlayer multimedia application that may be vulnerable to a Remote Code Execution (RCE) attack vector.
DescriptionVersions of RealPlayer 18.1.5.x prior to 184.108.40.2064 on Windows are potentially affected by a flaw that is triggered when loading certain dynamic-link libraries. The program uses an insecure path to look for specific files or libraries that includes the current working directory, which may not be trusted or under user control. By placing a specially crafted library in the path, a local attacker can inject and execute arbitrary code with the privilege of the user running the program.
SolutionWindows users should upgrade to RealPlayer 220.127.116.114 or later.