RealNetworks RealPlayer Atrac Sample Decoding Remote Code Execution Vulnerability (Mac OS X) Network Vulnerability

Summary

This host is installed with RealPlayer which is prone to remote code execution vulnerability.

Impact

Successful exploitation allows remote attackers to execute arbitrary code. Impact Level: Application

Solution

Upgrade to RealPlayer version 12.0.0.1703 or later, For updates refer to http://www.real.com/player

Insight

The flaw is due to an improper decoding of samples by ATRAC codec, which allows remote attackers to execute arbitrary code via a crafted ATRAC audio file.

Affected

RealPlayer versions 12.X through 12.0.0.1701 on Mac OS X

References

http://securitytracker.com/id/1026643
http://service.real.com/realplayer/security/02062012_player/en/
http://www.securityfocus.com/bid/51890

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0928

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Extension Manager CS5 Insecure Library Loading Vulnerability (Win)
Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Windows)
Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Mac OX S)
Adobe Flash Player 9.0.115.0 and earlier vulnerability (Lin)
Adobe Air Multiple Vulnerabilities -01 May 13 (Mac OS X)

Take action and discover your vulnerabilities