Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Windows >> RealPlayer / RealOne Player for Windows Multiple Vulnerabilities

Vulnerability Assessment Details

RealPlayer / RealOne Player for Windows Multiple Vulnerabilities
Vulnerability Assessment Summary
Checks for multiple vulnerabilities in RealPlayer / RealOne Player for Windows

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote Windows application is affected by multiple
vulnerabilities.

Description :

According to its version number, the installed version of RealPlayer /
RealOne Player for Windows is prone to several vulnerabilities :

- A malicious MP3 file can be used to overwrite an arbitrary
file or execute an ActiveX control.

- Using a specially-crafted RealMedia file, a possible hacker may
be able to cause a heap overflow and run arbitrary code
within the context of the affected application.

- Using a specially-crafted AVI file, a possible hacker may
be able to cause a buffer overflow and run arbitrary
code within the context of the affected application.

- A malicious website may be able to cause a local HTML
file to be created that triggers an RM file to play
which would then reference the local HTML file.

See also :

http://www.idefense.com/application/poi/display?id=250&type=vulnerabilities
http://research.eeye.com/html/advisories/published/AD20050623.html
http://www.securityfocus.com/archive/1/403535/30/0/threaded
http://service.real.com/help/faq/security/050623_player/EN/

Solution :

Upgrade according to the vendor advisory referenced above.

Network Security Threat Level:

High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N)

Networks Security ID: 13530, 14048, 14073

Vulnerability Assessment Copyright: This script is Copyright (C) 2005 Tenable Network Security
Cables, Connectors


G5T03 Dell Intel DC S3700 Series 800GB SATA 6Gb/s 2.5

G5T03 Dell Intel DC S3700 Series 800GB SATA 6Gb/s 2.5" SSD 0G5T03 SSDSC2BA800G3E

$55.00


HPGYT DELL 960GB SATA 6Gb/s 2.5in Internal SSD 0HPGYT MTFDDAK960TCB picture

HPGYT DELL 960GB SATA 6Gb/s 2.5in Internal SSD 0HPGYT MTFDDAK960TCB

$69.00


X371A NETAPP 960GB SAS 12Gb/s 2.5'' SSD 108-00546+A1 A2 MZ-ILT960A MZ-ILS800B picture

X371A NETAPP 960GB SAS 12Gb/s 2.5'' SSD 108-00546+A1 A2 MZ-ILT960A MZ-ILS800B

$130.00


### MZ-7KE1T0 Samsung 850 Pro Series 1TB 2.5 inch SATA3 SSD ### picture

### MZ-7KE1T0 Samsung 850 Pro Series 1TB 2.5 inch SATA3 SSD ###

$105.00


Patriot P210 128GB 256GB 512GB 1TB 2TB 2.5

Patriot P210 128GB 256GB 512GB 1TB 2TB 2.5" SATA 3 6GB/s Internal SSD PC/MAC Lot

$14.99


1x 480GB SATA SSD Generic Intel 2.5

1x 480GB SATA SSD Generic Intel 2.5" Enterprise SSD Drive 6Gbps

$20.00


Netac 1TB 2TB 512GB Internal SSD 2.5'' SATA III 6Gb/s Solid State Drive lot picture

Netac 1TB 2TB 512GB Internal SSD 2.5'' SATA III 6Gb/s Solid State Drive lot

$13.99


Patriot P210 256GB SSD 2.5

Patriot P210 256GB SSD 2.5" SATA III 6GB/s Internal Solid State Drive For PC/MAC

$19.99


Fanxiang M.2 SATA SSD 2TB 1TB 512GB 256GB SSD Internal M2 Solid State Drive Lot picture

Fanxiang M.2 SATA SSD 2TB 1TB 512GB 256GB SSD Internal M2 Solid State Drive Lot

$109.99


Fanxiang SSD 512GB 1TB 2TB 4TB 2.5''SATA III Internal Solid State Hard Drive LOT picture

Fanxiang SSD 512GB 1TB 2TB 4TB 2.5''SATA III Internal Solid State Hard Drive LOT

$188.99


Discussions

No Discussions have been posted on this vulnerability.