Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.REALPLAYER_12_0_1_633.NASL
HistoryJan 28, 2011 - 12:00 a.m.

RealPlayer for Windows < Build 12.0.1.633 Multiple Remote Code Execution Vulnerabilities

2011-01-2800:00:00
This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
www.tenable.com
14

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.845

Percentile

98.6%

JSON

According to its build number, the installed version of RealPlayer on the remote Windows host is affected by multiple code execution vulnerabilities :

  • A heap corruption vulnerability when processing AVI headers. (CVE-2010-4393)

  • A flaw exists in the temporary file naming scheme used for storage which can be combined with the OpenURLinPlayerBrowser function to execute arbitrary code. (CVE-2011-0694)

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(51814);
  script_version("1.12");
  script_cvs_date("Date: 2018/11/15 20:50:28");

  script_cve_id("CVE-2010-4393", "CVE-2011-0694");

  script_bugtraq_id(46047, 46285);
  script_xref(name:"Secunia", value:"43098");
  script_xref(name:"Secunia", value:"43268");

  script_name(english:"RealPlayer for Windows < Build 12.0.1.633 Multiple Remote Code Execution Vulnerabilities");
  script_summary(english:"Checks RealPlayer build number.");

  script_set_attribute(attribute:"synopsis", value:
"A multimedia application on the remote Windows host can be abused to
execute arbitrary code.");

  script_set_attribute(attribute:"description", value:
"According to its build number, the installed version of RealPlayer on
the remote Windows host is affected by multiple code execution 
vulnerabilities :

  - A heap corruption vulnerability when processing AVI 
    headers. (CVE-2010-4393)

  - A flaw exists in the temporary file naming scheme used
    for storage which can be combined with the 
    OpenURLinPlayerBrowser function to execute arbitrary
    code. (CVE-2011-0694)");

  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-033/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-076/");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2011/Jan/518");
  script_set_attribute(attribute:"see_also", value:"http://service.real.com/realplayer/security/01272011_player/en/");
  script_set_attribute(attribute:"see_also", value:"http://service.real.com/realplayer/security/02082011_player/en/");
  script_set_attribute(attribute:"solution", value:"Upgrade to RealPlayer 14.0.2.633 (Build 12.0.1.633) or later.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
  
  script_set_attribute(attribute:"vuln_publication_date", value:"2011/01/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/01/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/28");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:realnetworks:realplayer");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");
  
  script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");

  script_dependencies("realplayer_detect.nasl");
  script_require_keys("SMB/RealPlayer/Product", "SMB/RealPlayer/Build");

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");

prod = get_kb_item_or_exit("SMB/RealPlayer/Product");
build = get_kb_item_or_exit("SMB/RealPlayer/Build");
path = get_kb_item("SMB/RealPlayer/Path");
version = get_kb_item("SMB/RealPlayer/Version");

vuln = FALSE;
if ("RealPlayer" == prod)
{
  if (ver_compare(ver:build, fix:'12.0.1.633') == -1) vuln = TRUE;
}
else if ("RealPlayer SP" == prod)
{
  # Check for all versions of RealPlayer SP up to and including 12.0.0.879 (version 1.1.5)
  if (build =~ '^12\\.0\\.0\\..*' && ver_compare(ver:build, fix:'12.0.0.879') <= 0) vuln = TRUE;
}
else exit(0, 'Neither RealPlayer nor RealPlayer SP was detected on the remote host.');

if (vuln)
{
  if (report_verbosity > 0)
  {
    report = 
      '\n  Product           : ' + prod +
      '\n  Path              : ' + path +
      '\n  Installed version : ' + version + 
      '\n  Installed build   : ' + build +
      '\n  Fix               : RealPlayer Build 12.0.1.633\n';
    security_hole(port:get_kb_item("SMB/transport"), extra:report);
  }
  else security_hole(get_kb_item("SMB/transport"));
  exit(0);
}
else exit(0, 'The host is not affected because '+prod+' build '+build+' is installed.');

Related

openvas 2
nessus 1
checkpoint_advisories 2
cvelist 2
zdi 2
nvd 2
prion 2
cve 2
securityvulns 2
openvas
openvas
RealNetworks RealPlayer Buffer Overflow Vulnerability - Windows
2011-02-18 00:00:00
RealNetworks RealPlayer Buffer Overflow Vulnerability (Windows)
2011-02-18 00:00:00
nessus
nessus
Real Networks RealPlayer < 14.0.2.633 (Build 12.0.1.633) Multiple Remote Code Execution Vulnerabilities
2010-11-15 00:00:00
checkpoint_advisories
checkpoint_advisories
Realplayer vidplin.dll AVI Header Parsing Code Execution - Ver2 (CVE-2010-4393)
2014-04-16 00:00:00
Realplayer vidplin.dll AVI Header Parsing Code Execution - Ver2 (CVE-2010-4393)
2014-04-16 00:00:00
cvelist
cvelist
CVE-2010-4393
2011-01-31 20:00:00
CVE-2011-0694
2011-02-21 17:00:00
zdi
zdi
Realplayer vidplin.dll AVI Parsing Remote Code Execution Vulnerability
2011-01-27 00:00:00
RealNetworks Real Player Predictable Temporary File Remote Code Execution Vulnerability
2011-02-08 00:00:00
nvd
nvd
CVE-2010-4393
2011-01-31 21:00:03
CVE-2011-0694
2011-02-21 18:00:01
prion
prion
Heap overflow
2011-01-31 21:00:00
Cross site scripting
2011-02-21 18:00:00
cve
cve
CVE-2010-4393
2011-01-31 21:00:03
CVE-2011-0694
2011-02-21 18:00:01
securityvulns
securityvulns
RealNetworks RealPlayer code execution
2011-02-11 00:00:00
ZDI-11-076: RealNetworks Real Player Predictable Temporary File Remote Code Execution Vulnerability
2011-02-11 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.845

Percentile

98.6%

JSON
Related for REALPLAYER_12_0_1_633.NASL
openvas2nessus1checkpoint_advisories2cvelist2zdi2nvd2prion2cve2securityvulns2