RealNetworks RealPlayer Buffer Overflow Vulnerability Dec13 (Windows) Network Vulnerability

Summary

The host is installed with RealPlayer and is prone to buffer overflow vulnerability.

Impact

Successful exploitation will allow remote unauthenticated attacker to execute arbitrary code with the privileges of the application. Impact Level: System/Application

Solution

Upgrade to RealPlayer version 17.0.4.61 or later, For updates refer to http://www.real.com/player

Insight

Flaw is due to, - An error in handling the 'version' and 'encoding' attributes in RMP files. - Improper validation of user input when handling the 'trackid' attribute in RMP files.

Affected

RealPlayer version before 17.0.4.61 on Windows.

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://secunia.com/advisories/56219
http://service.real.com/realplayer/security/12202013_player/en
http://www.osvdb.com/101356

Updated on 2017-03-28

Severity

Classification

CVE CVE-2013-6877, CVE-2013-7260

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat Out-of-bounds Vulnerability Feb15 (Windows)
Adobe Air Multiple Vulnerabilities - November12 (Windows)
Adobe AIR Multiple Vulnerabilities-01 Dec13 (Windows)
Adobe Acrobat Remote Code Execution Vulnerability(Win)
Adobe Air and Flash Player Multiple Vulnerabilities August-2011 (Windows)

Take action and discover your vulnerabilities