RealNetworks RealPlayer Atrac Sample Decoding Remote Code Execution Vulnerability (Win) Network Vulnerability

Summary

This host is installed with RealPlayer which is prone to remote code execution vulnerability.

Impact

Successful exploitation allows remote attackers to execute arbitrary code. Impact Level: Application

Solution

Upgrade to RealPlayer version 15.2.71 or later, For updates refer to http://www.real.com/player

Insight

The flaw is due to an improper decoding of samples by ATRAC codec, which allows remote attackers to execute arbitrary code via a crafted ATRAC audio file.

Affected

RealPlayer versions 11.x and 14.x RealPlayer SP versions 1.0 through 1.1.5 (12.0.0.879) on Windows

References

http://securitytracker.com/id/1026643
http://service.real.com/realplayer/security/02062012_player/en/
http://www.securityfocus.com/bid/51890

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0928

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat Multiple Vulnerabilities - 01 May14 (Mac OS X)
Adobe AIR Code Execution and DoS Vulnerabilities Nov13 (Mac OS X)
Adobe Acrobat Multiple Vulnerabilities April-2012 (Windows)
Adobe AIR Multiple Vulnerabilities-01 Sep14 (Mac OS X)
Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Windows)

Take action and discover your vulnerabilities