I completed a scan of a windows xp sp2 laptop that had Real Player Enterprise
nstalled. Various plug ins report that realplayer was vulberabile to various
exploits.
I'm running Nessus 3.0.5 Build W313, plugins were updated on 22 May, Nessus is
installed on a Windows XP SP2 with most of the security patches up to date.
Some of the plug ins I see in my report
Plugin 21140 - RealPlayer for Windows < 6.0.12.1483
Plusin 21183 - Real Player Detection
Plugin 20184 - RealPlayer for Windows Multiple Vulnerabilities
21140 checks versioning information # There's a problem if the version is
before 6.0.12.1483"
20184 checks versioning information # There's a problem if the version is
6.0.12.1235 or older.
The above check would seam to work for 6.0.12.1578 which is the latest build of
Real Player (consumer version).
From what I've been able to find the lastest verion for RealPlayer Enterprise
is 6.0.11.2160, if the check is for anything before 6.0.12.1483 or 6.0.12.1235
or older the newest version of RealPlayer Enterprise would also fail.
Plugin 21183 Currently verifies the installed Version 6.0.11.2012 of RealPlayer
and is installed at C:\Program Files\Real\RealPlayer Enterprise\realplay.exe
With all of that said, what I'm trying to determine is if the RealPlayer
Enterprise binaries are vulnerabile to exploits that are defined in Plug in
21140 and 20184, or is the problem related to the version numbers that are
different between Realplayer 6.0.12.1578 consumer version and Realplayer
Enterprise that is 6.0.11.2160.
Any information or a point in the right direction to help me verifiy this
problem would be great.
Thank You
Take Care and Have Fun --John
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
