Real Networks RealPlayer < 15.0.2.72 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 6311

Synopsis

The remote host is running an application that is vulnerable to multiple attack vectors.

Description

The remote host is running RealPlayer, a multi-media application.

RealPlayer versions earlier than 15.0.2.72 are potentially affected by the following issues :

- A remote code execution vulnerability exists related to rvrender RMFF Flags. (CVE-2012-0922)

- A remote code execution vulnerability exists related to the RV20 Frame Size Array. (CVE-2012-0923)

- A remote code execution vulnerability exists relating to VIDOBJ_START_CODE. (CVE-2012-0924)

- A remote code execution vulnerability exists relating to RV40. (CVE-2012-0925)

- A remote code execution vulnerability exists relating to RV10 Encoded Height/Width. (CVE-2012-0926)

- A remote code execution vulnerability exists relating to RealAudio coded_frame_size. (CVE-2012-0927)

- A remote code execution vulnerability exists relating to Attrac Sample Decoding. (CVE-2012-0928)

Solution

Upgrade to RealPlayer 15.0.2.72 or later.

See Also

http://service.real.com/realplayer/security/02062012_player/en

Plugin Details

Severity: High

ID: 6311

Family: Web Clients

Published: 2/8/2012

Updated: 3/6/2019

Nessus ID: 57863

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:realnetworks:realplayer

Patch Publication Date: 2/6/2012

Vulnerability Publication Date: 2/6/2012

Reference Information

CVE: CVE-2012-0922, CVE-2012-0923, CVE-2012-0924, CVE-2012-0925, CVE-2012-0926, CVE-2012-0927, CVE-2012-0928

BID: 51883, 51884, 51885, 51887, 51888, 51889