Tenable5748.PRMReal Networks RealPlayer < 14.0.2.633 (Build 12.0.1.633) Multiple Remote Code Execution Vulnerabilities
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.6%
The remote host is running RealPlayer, a multi-media application.
RealPlayer builds earlier than 12.0.1.633 are potentially affected by multiple code execution vulnerabilities : - A heap corruption vulnerability when handling specially crafted AVI headers. (CVE-2010-4393)
- A flaw exists in the temporary file naming scheme used for storage which can be combined with the OpenURLinPlayerBrowser function to execute arbitrary code. (CVE-2011-0694)
Binary data 5748.prmReferences
archives.neohapsis.com/archives/fulldisclosure/2011-01/0521.html
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4393
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0694
service.real.com/realplayer/security/01272011_player/en
service.real.com/realplayer/security/02082011_player/en
www.zerodayinitiative.com/advisories/ZDI-11-033
www.zerodayinitiative.com/advisories/ZDI-11-076
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.6%