RealNetworks RealPlayer Atrac Sample Decoding Remote Code Execution Vulnerability (Mac OS X) Network Vulnerability

Summary

This host is installed with RealPlayer which is prone to remote code execution vulnerability.

Impact

Successful exploitation allows remote attackers to execute arbitrary code. Impact Level: Application

Solution

Upgrade to RealPlayer version 12.0.0.1703 or later, For updates refer to http://www.real.com/player

Insight

The flaw is due to an improper decoding of samples by ATRAC codec, which allows remote attackers to execute arbitrary code via a crafted ATRAC audio file.

Affected

RealPlayer versions 12.X through 12.0.0.1701 on Mac OS X

References

http://securitytracker.com/id/1026643
http://service.real.com/realplayer/security/02062012_player/en/
http://www.securityfocus.com/bid/51890

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0928

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Air Multiple Vulnerabilities - November12 (Mac OS X)
Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Windows)
Adobe AIR Multiple Vulnerabilities-01 Dec13 (Mac OS X)
3S CoDeSys CmpWebServer Multiple Vulnerabilities
Adobe Acrobat Multiple Vulnerabilities - Mac OS X

Take action and discover your vulnerabilities