
RealPlayer for Windows < 6.0.14.806 / 6.0.12.1675 Multiple Vulnerabilities

Medium

Synopsis

The remote Windows application is affected by at least one security vulnerability.

Description

According to its version number, the installed version of RealPlayer / RealPlayer Enterprise on the remote Windows host may be affected by several issues:

- Heap memory corruption issues in several ActiveX controls can lead to arbitrary code execution (CVE-2008-1309).
- An unspecified local resource reference vulnerability (CVE-2008-3064).
- An SWF file heap-based buffer overflow (CVE-2007-5400).
- A buffer overflow involving the 'import()' method in an ActiveX control implemented by the 'rjbdll.dll' module could result in arbitrary code execution (CVE-2008-3066).

Note that RealPlayer 11 (builds 6.0.14.738 - 6.0.14.802) is only affected by the first issue (CVE-2008-1309). Also note that the vendor's advisory states that version numbers for RealPlayer 10.5 are not sequential.

Solution

Upgrade to RealPlayer 11.0.3 (build 6.0.14.806) / RealPlayer 10.5 (build 6.0.12.1675) or higher.