Test ID:	1.3.6.1.4.1.25623.1.0.801674
Category:	General
Title:	RealNetworks RealPlayer Multiple Vulnerabilities (Dec 2010) - Windows
Summary:	RealPlayer is prone to multiple vulnerabilities.
Description:	Summary: RealPlayer is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - An use-after-free error allows remote attackers to execute arbitrary code or cause a denial of service via a crafted StreamTitle tag in an ICY SHOUTcast stream, related to the SMIL file format. - An integer overflow error allows remote attackers to execute arbitrary code or cause a denial of service via a malformed MLLT atom in an AAC file. - An array index error allows remote attackers to execute arbitrary code via malformed sample data in a RealMedia .IVR file. Vulnerability Impact: Successful exploitation allows remote attackers to execute arbitrary code or cause a denial of service. Affected Software/OS: RealPlayer SP 1.0 to 1.0.1 (12.x) RealNetworks RealPlayer SP 11.0 to 11.1 on Windows platform. Solution: Upgrade to RealPlayer 14.0.1.609 (Build 12.0.1.609) or later. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2997 http://www.zerodayinitiative.com/advisories/ZDI-10-270 http://www.redhat.com/support/errata/RHSA-2010-0981.html http://www.securitytracker.com/id?1024861 Common Vulnerability Exposure (CVE) ID: CVE-2010-2999 http://www.zerodayinitiative.com/advisories/ZDI-10-273 Common Vulnerability Exposure (CVE) ID: CVE-2010-2998 BugTraq ID: 44144 http://www.securityfocus.com/bid/44144 http://www.zerodayinitiative.com/advisories/ZDI-10-209/
Copyright	Copyright (C) 2010 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.