Real Networks RealPlayer < 14.0.3.647 (Build 12.0.1.647) Multiple Vulnerabilities

critical Nessus Network Monitor Plugin ID 5886

Synopsis

The remote host is running an application that is vulnerable to multiple attack vectors.

Description

The remote host is running RealPlayer, a multimedia application.

RealPlayer builds earlier than 12.0.1.647 are potentially affected by multiple code execution vulnerabilities:

- An error exists in the function 'OpenURLInDefaultBrowser', which mishandles certain file types and can allow arbitrary code execution via crafted RealPlayer audio or settings (RNX) files. (CVE-2011-1426)

- A heap-based buffer overflow vulnerability exists and can be exploited when RealPlayer processes certain Internet Video Recording (IVR) files. (CVE-2011-1525)

Solution

Upgrade to RealPlayer 14.0.3.647 (Build 12.0.1.647) or later.

See Also

http://www.zerodayinitiative.com/advisories/ZDI-11-122

http://service.real.com/realplayer/security/04122011_player/en

http://aluigi.altervista.org/adv/real_5-adv.txt

Plugin Details

Severity: Critical

ID: 5886

Family: Web Clients

Published: 4/14/2011

Updated: 3/6/2019

Nessus ID: 53409

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:realnetworks:realplayer

Patch Publication Date: 4/12/2011

Vulnerability Publication Date: 3/21/2011

Reference Information

CVE: CVE-2011-1426, CVE-2011-1525

BID: 46946, 47335