SUSE-SA:2005:014: RealPlayer

medium Nessus Plugin ID 17300

Synopsis

The remote host is missing a vendor-supplied security patch

Description

The remote host is missing the patch for the advisory SUSE-SA:2005:014 (RealPlayer).


Two security problems were found in the media player RealPlayer:

- CVE-2005-0455: A buffer overflow in the handling of .smil files.
- CVE-2005-0611: A buffer overflow in the handling of .wav files.

Both buffer overflows can be exploited remotely by providing URLs opened by RealPlayer.

More informations can be found on this URL:
http://service.real.com/help/faq/security/050224_player/EN/

This updates fixes the problems.

Solution

http://www.suse.de/security/advisories/2005_14_realplayer.html

Plugin Details

Severity: Medium

ID: 17300

File Name: suse_SA_2005_014.nasl

Version: 1.15

Agent: unix

Published: 3/9/2005

Updated: 1/14/2021

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.5

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With

Metasploit (RealNetworks RealPlayer SMIL Buffer Overflow)

Reference Information

CVE: CVE-2005-0455, CVE-2005-0611