Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Real Networks RealPlayer < 14.0.3.647 (Build 12.0.1.647) Multiple Vulnerabilities

High

Synopsis

The remote host is running an application that is vulnerable to multiple attack vectors.

Description

The remote host is running RealPlayer, a multi-media application.

RealPlayer builds earlier than 12.0.1.647 are potentially affected by multiple code execution vulnerabilities :

- An error exists in the function 'OpenURLInDefaultBrowser' which mishandles certain file types and can allow arbitrary code execution via crafted RealPlayer audio or settings (RNX) files. (CVE-2011-1426)

- A heap based buffer overflow vulnerability exists and can be exploited when RealPlayer is processing certain Internet Video Recording (IVR) files. (CVE-2011-1525)

Solution

Upgrade to RealPlayer 14.0.3.647 (Build 12.0.1.647) or later.