RealNetworks RealPlayer Multiple Vulnerabilities - Sep12 (Win) Network Vulnerability

Summary

This host is installed with RealPlayer which is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code on the system or cause the application to crash. Impact Level: System/Application

Solution

Upgrade to RealPlayer version 15.0.6.14 or later, For updates refer to http://www.real.com/player

Insight

Multiple errors caused, when - Unpacking AAC stream - Decoding AAC SDK - Handling RealMedia files, which can be exploited to cause a buffer overflow.

Affected

RealPlayer versions 11.x, 14.x and 15.x through 15.0.2.72 RealPlayer SP versions 1.0 through 1.1.5 (12.0.0.879) on Windows

References

http://secunia.com/advisories/47896/
http://securitytracker.com/id/1027510
http://service.real.com/realplayer/security/09072012_player/en/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-2407, CVE-2012-2408, CVE-2012-2409, CVE-2012-2410, CVE-2012-3234

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe AIR Multiple Vulnerabilities -01 Feb13 (Linux)
Active Perl Locale::Maketext Module Multiple Code Injection Vulnerabilities (Windows)
Adobe Acrobat Multiple Vulnerabilities April-2012 (Mac OS X)
Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Windows
Adobe AIR Multiple Vulnerabilities-01 Jun14 (Windows)

Take action and discover your vulnerabilities