Summary
The host is installed with RealPlayer and is prone to buffer overflow vulnerability.
Impact
Successful exploitation will allow remote unauthenticated attacker to execute arbitrary code with the privileges of the application.
Impact Level: System/Application
Solution
Upgrade to RealPlayer version 17.0.4.61 or later,
For updates refer to http://www.real.com/player
Insight
Flaw is due to,
- An error in handling the 'version' and 'encoding' attributes in RMP files.
- Improper validation of user input when handling the 'trackid' attribute in RMP files.
Affected
RealPlayer version before 17.0.4.61 on Windows.
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2013-6877, CVE-2013-7260 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Windows)
- Adobe Air Multiple Vulnerabilities -01 August 12 (Windows)
- Adobe Acrobat Unspecified vulnerability
- Adobe Acrobat and Reader 'printSeps()' Function Heap Corruption Vulnerability
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Linux)