| VID |
28292 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
According to its build number, the installed version of RealPlayer on the remote Windows host is affected by a heap corruption vulnerability when processing AVI headers.
By tricking a user into opening a specially crafted AVI file, a remote attacker can leverage this issue to execute arbitrary code on the remote host subject to the privileges of the user running the affected application.
* Note: This check solely relied on the banner of the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
http://www.zerodayinitiative.com/advisories/ZDI-11-033/
http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0521.html
http://service.real.com/realplayer/security/01272011_player/en/
* Platforms Affected:
RealPlayer for Windows Build 12.0.1.633 |
| Recommendation |
Upgrade to the latest version available from the RealNetworks Web site at http://kr.real.com/?error=/plus |
| Related URL |
CVE-2010-4393 (CVE) |
| Related URL |
46047 (SecurityFocus) |
| Related URL |
(ISS) |
|
