This host is installed with RealPlayer which is prone to multiple vulnerabilities.

Successful exploitation allows remote attackers to execute arbitrary code or cause a denial of service.

Upgrade to RealPlayer version 11.0.2.2315 or later, For updates refer to http://www.real.com/player

The multiple flaws are due to, - An error in the 'Cook' codec initialization function - Heap-based buffer overflow when parsing of 'Cook' codec information in a Real Audio file with many subbands - Memory corruption error in parsing of a 'RV20' video stream - Cross-site scripting in ActiveX control and several HTML files - Heap-based buffer overflow errors in the cook codec functions - Heap-based buffer overflow when parsing 'AAC', 'IVR', 'RealMedia', 'RA5' and 'SIPR' files - Integer overflow in the handling of frame dimensions in a 'SIPR' stream - Heap-based buffer overflow error when parsing a large Screen Width value in the Screen Descriptor header of a GIF87a file in an RTSP stream - An integer overflow in the pnen3260.dll module allows remote attackers to execute arbitrary code via a crafted TIT2 atom in an AAC file - An use-after-free error allows remote attackers to execute arbitrary code or cause a denial of service via a crafted StreamTitle tag in an ICY SHOUTcast stream, related to the SMIL file format - An integer overflow errror allows remote attackers to execute arbitrary code or cause a denial of service via a malformed MLLT atom in an AAC file - Heap-based buffer overflow when handling of multi-rate audio streams

RealPlayer Version 11.0.2.1744 on Linux platform.

• http://secunia.com/secunia_research/2010-5/
• http://service.real.com/realplayer/security/08262010_player/en/

---

Updated on 2015-03-25