Test ID:	1.3.6.1.4.1.25623.1.0.801779
Category:	General
Title:	RealNetworks RealPlayer 'OpenURLInDefaultBrowser()' Code Execution Vulnerability - Windows
Summary:	RealPlayer is prone to a code execution vulnerability.
Description:	Summary: RealPlayer is prone to a code execution vulnerability. Vulnerability Insight: The flaw is caused by an error within the 'OpenURLInDefaultBrowser()' method when processing user-supplied parameters, which could allow an attacker to execute arbitrary code via a specially crafted '.rnx' file. Vulnerability Impact: Successful exploitation allows remote attackers to execute arbitrary code within the context of the affected application. Failed attacks may cause denial-of-service conditions. Affected Software/OS: RealPlayer versions 11.0 through 11.1 RealPlayer SP versions 1.0 through 1.1.5 (12.x) RealPlayer versions 14.0.0 through 14.0.2 Solution: Upgrade to RealPlayer version 14.0.3 or later. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1426 BugTraq ID: 47335 http://www.securityfocus.com/bid/47335 Bugtraq: 20110412 ZDI-11-122: RealNetworks RealPlayer OpenURLInDefaultBrowser Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/517470/100/0/threaded http://zerodayinitiative.com/advisories/ZDI-11-122/ http://securitytracker.com/id?1025351 http://www.vupen.com/english/advisories/2011/0979 XForce ISS Database: realplayer-openurlindefaultbrowser-code-exe(66728) https://exchange.xforce.ibmcloud.com/vulnerabilities/66728
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.