Summary
This host is installed with RealPlayer which is prone to multiple vulnerabilities
Impact
Successful exploitation allows remote attackers to execute arbitrary code.
Impact Level: Application
Solution
Upgrade to RealPlayer version 15.02.71 or later,
For updates refer to http://www.real.com/player
Insight
The flaws are due to
- An unspecified error in rvrender.dll, which allows to execute arbitrary code via a crafted flags in an RMFF file.
- Improper handling of the frame size array by the RV20 codec, which allows to execute arbitrary code via a crafted RV20 RealVideo video stream.
- Unspecified errors when processing VIDOBJ_START_CODE segments and coded_frame_size value in RealAudio audio stream.
- An unspecified error in the RV40 and RV10 codec, which allows to execute arbitrary code via a crafted RV40 or RV10 RealVideo video stream.
Affected
RealPlayer versions 11.x and 14.x
RealPlayer versions 15.x before 15.02.71
RealPlayer SP versions 1.0 through 1.1.5 (12.0.0.879)
References
Severity
Classification
-
CVE CVE-2012-0922, CVE-2012-0923, CVE-2012-0924, CVE-2012-0925, CVE-2012-0926, CVE-2012-0927 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat Multiple Vulnerabilities April-2012 (Mac OS X)
- Adobe AIR Multiple Vulnerabilities-01 Sep13 (Mac OS X)
- Adobe Air Multiple Vulnerabilities - November12 (Mac OS X)
- Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Windows)
- Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Mac OS X