Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Windows --> Category: infos

Rhapsody vidplin.dll AVI Processing Heap Overflow Vulnerability Vulnerability Scan


Vulnerability Scan Summary
Checks for vidplin.dll AVI processing heap overflow vulnerability in Rhapsody

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote Windows host contains a multimedia player that is prone to a
buffer overflow attack.

Description :

The remote installation of Rhapsody has a heap overflow in
RealPlayer's 'vidplin.dll' file used to process AVI files. With a
specially-crafted AVI file, a possible hacker can exploit this flaw to cause
arbitrary code to be run within the context of the affected
application when a user opens the file.

See also :

http://research.eeye.com/html/advisories/published/AD20050623.html
http://service.real.com/help/faq/security/050623_player/EN/

Solution :

Upgrade according to the vendor advisory referenced above.

Threat Level:

High / CVSS Base Score : 8
(AV:R/AC:H/Au:NR/C:C/A:C/I:C/B:N)

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.