RealNetworks RealPlayer 'OpenURLInDefaultBrowser()' Code Execution Vulnerability (Windows) Network Vulnerability

Summary

This host is installed with RealPlayer which is prone to Code Execution Vulnerability.

Impact

Successful exploitation allows remote attackers to execute arbitrary code within the context of the affected application. Failed attacks may cause denial-of-service conditions.

Solution

Upgrade to RealPlayer version 14.0.3 or later, For updates refer to http://www.real.com/player

Insight

The flaw is caused by an error within the 'OpenURLInDefaultBrowser()' method when processing user-supplied parameters, which could allow an attacker to execute arbitrary code via a specially crafted '.rnx' file.

Affected

RealPlayer versions 11.0 through 11.1 RealPlayer SP versions 1.0 through 1.1.5 (12.x) RealPlayer versions 14.0.0 through 14.0.2

References

http://securitytracker.com/id?1025351
http://www.securityfocus.com/archive/1/archive/1/517470/100/0/threaded
http://www.vupen.com/english/advisories/2011/0979
http://xforce.iss.net/xforce/xfdb/66728

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1426

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe AIR Multiple Vulnerabilities-01 Aug14 (Mac OS X)
Adobe Extension Manager CS5 Insecure Library Loading Vulnerability (Win)
Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Windows)
Adobe AIR Multiple Vulnerabilities-01 Aug14 (Windows)
Adobe Air Multiple Vulnerabilities - December12 (Windows)

Take action and discover your vulnerabilities