Real Networks RealPlayer < 15.0.4.53 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 6488

Synopsis

The remote host is running an application that is vulnerable to multiple attack vectors.

Description

The remote host is running RealPlayer, a multi-media application.

RealPlayer builds earlier than 15.0.4.53 are potentially affected by multiple vulnerabilities :

- A memory corruption error exists related to the handling of 'MP4' files. (CVE-2012-1904)

- An unspecified error exists related to the parsing of 'RealMedia ASMRuleBook' files that can lead to remote arbitrary code execution. (CVE-2012-2406)

- A buffer overflow exists related to the parsing of 'RealJukebox Media' content. (CVE-2012-2411)

Solution

Upgrade to RealPlayer 15.0.4.53 or later.

See Also

http://www.nessus.org/u?a70d3491

http://service.real.com/realplayer/security/05152012_player/en

Plugin Details

Severity: High

ID: 6488

Family: Web Clients

Published: 5/17/2012

Updated: 3/6/2019

Nessus ID: 59173

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:realnetworks:realplayer

Patch Publication Date: 5/15/2012

Vulnerability Publication Date: 3/24/2012

Reference Information

CVE: CVE-2012-1904, CVE-2012-2406, CVE-2012-2411

BID: 53555