Summary
This host has RealPlayer installed, which is prone to multiple vulnerabilities.
Impact
Successful exploitation allows remote attackers to execute arbitrary code or cause a denial of service.
Impact Level: System/Application
Solution
Upgrade to RealPlayer version 14.0.6 or later.
For updates, refer to http://www.real.com/player
Insight
The flaws are due to:
- Unspecified errors in an ActiveX control in the browser plugin.
- Improper handling of DEFINEFONT fields in SWF files which allows remote attackers to execute arbitrary code via a crafted file.
- A buffer overflow error which allows remote attackers to execute arbitrary code via a crafted raw_data_frame field in an AAC file and crafted ID3v2 tags in an MP3 file.
- A use-after-free error which allows remote attackers to execute arbitrary code via vectors related to a dialog box and a modal dialog box.
Affected
RealPlayer versions 11.0 through 11.1
RealPlayer SP versions 1.0 through 1.1.5 (12.x)
RealPlayer versions 14.0.0 through 14.0.5
RealPlayer Enterprise versions 2.0 through 2.1.5
References
Severity
Classification
CVE: CVE-2011-2946, CVE-2011-2947, CVE-2011-2948, CVE-2011-2949, CVE-2011-2952, CVE-2011-2953, CVE-2011-2955
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C