RealNetworks RealPlayer Multiple Vulnerabilities (Mac OS X) Network Vulnerability

Summary

This host is installed with RealPlayer which is prone to multiple vulnerabilities

Impact

Successful exploitation allows remote attackers to execute arbitrary code or cause a denial of service. Impact Level: System/Application

Solution

Upgrade to RealPlayer version 12.0.0.1701 or later, For updates refer to http://www.real.com/player

Insight

Multiple flaws are due to, - Improper handling of DEFINEFONT fields in SWF files which allows remote attackers to execute arbitrary code via a crafted file. - A buffer overflow error which allows remote attackers to execute arbitrary code via a crafted raw_data_frame field in an AAC file.

Affected

RealPlayer version 12.0.0.1569 and prior on Mac OS X

References

http://secunia.com/advisories/44014/
http://secunia.com/advisories/45668/
http://service.real.com/realplayer/security/08162011_player/en/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-2948, CVE-2011-2951

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Flash Player 9.0.115.0 and earlier vulnerability (Lin)
Adobe Air Multiple Vulnerabilities -01 August 12 (Windows)
Adobe Air Multiple Vulnerabilities -01 August 12 (Mac OS X)
Adobe AIR Multiple Vulnerabilities-01 Dec13 (Windows)
Active Perl Locale::Maketext Module Multiple Code Injection Vulnerabilities (Windows)

Take action and discover your vulnerabilities