RealNetworks RealPlayer Code Execution Vulnerabilities - Dec12 (Win) Network Vulnerability

Summary

This host is installed with RealPlayer which is prone to multiple code execution vulnerabilities.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code on the system or cause the application to crash. Impact Level: System/Application

Solution

Upgrade to RealPlayer version 16.0.0.282 or later, For updates refer to http://www.real.com/player

Insight

Multiple errors are caused when handling - RealAudio files may result in dereferencing an invalid pointer. - RealMedia files can be exploited to cause a buffer overflow.

Affected

RealPlayer versions 15.0.6.14 and prior on Windows RealPlayer SP versions 1.0 through 1.1.5 (12.0.0.879) on Windows

References

http://secunia.com/advisories/51589
http://securitytracker.com/id?1027893
http://service.real.com/realplayer/security/12142012_player/en
http://www.osvdb.org/88486
http://www.osvdb.org/88487

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-5690, CVE-2012-5691

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Mac OS X)
Adobe Acrobat Multiple Unspecified Vulnerabilities - Windows
Adobe Acrobat Multiple Vulnerabilities -01 Jan 13 (Mac OS X)
Adobe Air Multiple Vulnerabilities -01 August 12 (Mac OS X)
Adobe AIR Multiple Vulnerabilities(APSB14-22)-(Windows)

Take action and discover your vulnerabilities