Detections
Analytics

RealPlayer for Windows < Build 6.0.12.1483 Multiple Vulnerabilities

high Nessus Plugin ID 21140

Synopsis

The remote Windows application is affected by several issues.

Description

According to its build number, the installed version of RealPlayer / RealOne Player / RealPlayer Enterprise on the remote Windows host suffers from one or more buffer overflows involving maliciously- crafted SWF and MBC files as well as web pages. In addition, it also may be affected by a local privilege escalation issue.

Solution

Upgrade according to the vendor advisory referenced above.

See Also

http://www.nessus.org/u?1d16d359

http://www.nessus.org/u?c0b66183

http://service.real.com/realplayer/security/03162006_player/en/

Plugin Details

Severity: High

ID: 21140

File Name: realplayer_6_0_12_1483.nasl

Version: 1.19

Type: local

Agent: windows

Family: Windows

Published: 3/24/2006

Updated: 7/25/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:realnetworks:realplayer

Required KB Items: SMB/RealPlayer/Product, SMB/RealPlayer/Build

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/16/2006

Vulnerability Publication Date: 11/15/2005

Reference Information

CVE: CVE-2005-2922, CVE-2005-2936, CVE-2006-0323, CVE-2006-1370

BID: 15448, 17202

CWE: 119