RealNetworks RealPlayer Multiple Vulnerabilities (Windows) Network Vulnerability

Summary

This host is installed with RealPlayer which is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow attacker to execute arbitrary codes within the context of the application.

Solution

Upgrade to RealPlayer SP version 1.1.5, For updates refer to http://www.real.com/player

Insight

The multiple flaws are due to, - Array index error in the player, which allows attackers to execute arbitrary code via a malformed header in a RealMedia '.IVR' file. - Unspecified errors in the player, which allows attackers to bypass intended access restrictions on files via unknown vectors.

Affected

RealNetworks RealPlayer 11.0 to 11.1 on Windows platform.

References

http://service.real.com/realplayer/security/08262010_player/en/
http://xforce.iss.net/xforce/xfdb/61424
http://xforce.iss.net/xforce/xfdb/61426

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2996, CVE-2010-3002

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat Sandbox Bypass Vulnerability - Aug14 (Windows)
Adobe AIR Multiple Vulnerabilities -01 Feb13 (Linux)
Adobe Air Multiple Vulnerabilities June-2012 (Mac OS X)
Adobe Flash Media Server Multiple Remote Security Vulnerabilities
Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Linux)

Take action and discover your vulnerabilities