Summary
RealPlayer is installed on this host and is prone to multiple vulnerabilities.
Impact
Successful exploitation allows remote attackers to execute arbitrary code or cause a denial of service.
Solution
Upgrade to RealPlayer 14.0.1.609 (Build 12.0.1.609) or later. For updates, refer to http://www.real.com/player
Insight
The flaws are due to:
- An error in the 'Cook' codec initialization function.
- Heap-based buffer overflow errors when parsing 'SIPR', 'AAC', 'RealMedia', 'RA5' and 'SOUND' files.
- Integer overflow in the handling of frame dimensions in a 'SIPR' stream.
- An uninitialized pointer vulnerability exists in the CDDA URI ActiveX Control.
- A stack-based buffer overflow in the RichFX component.
- Heap-based buffer overflow error via a crafted 'QCP' file.
- A parameter injection vulnerability in the RecordClip browser extension.
- rjrmrpln.dll does not properly validate file contents that are used during interaction with a heap buffer.
- Multiple heap-based buffer overflows in an ActiveX control allow remote attackers to execute arbitrary code via a long .smil argument to the tfile, pnmm, or cdda protocol handler.
Affected
RealPlayer SP 1.0 to 1.1.4 (12.x)
RealNetworks RealPlayer SP 11.0 to 11.1 on Windows platform.
Severity
Classification
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C