I completed a scan of a windows xp sp2 laptop that had Real Player Enterprise nstalled. Various plug ins report that realplayer was vulberabile to various exploits.
I'm running Nessus 3.0.5 Build W313, plugins were updated on 22 May, Nessus is installed on a Windows XP SP2 with most of the security patches up to date. Some of the plug ins I see in my report Plugin 21140 - RealPlayer for Windows < 6.0.12.1483 Plusin 21183 - Real Player Detection Plugin 20184 - RealPlayer for Windows Multiple Vulnerabilities 21140 checks versioning information # There's a problem if the version is before 6.0.12.1483" 20184 checks versioning information # There's a problem if the version is 6.0.12.1235 or older. The above check would seam to work for 6.0.12.1578 which is the latest build of Real Player (consumer version). >From what I've been able to find the lastest verion for RealPlayer Enterprise >is 6.0.11.2160, if the check is for anything before 6.0.12.1483 or 6.0.12.1235 > or older the newest version of RealPlayer Enterprise would also fail. Plugin 21183 Currently verifies the installed Version 6.0.11.2012 of RealPlayer and is installed at C:\Program Files\Real\RealPlayer Enterprise\realplay.exe With all of that said, what I'm trying to determine is if the RealPlayer Enterprise binaries are vulnerabile to exploits that are defined in Plug in 21140 and 20184, or is the problem related to the version numbers that are different between Realplayer 6.0.12.1578 consumer version and Realplayer Enterprise that is 6.0.11.2160. Any information or a point in the right direction to help me verifiy this problem would be great. Thank You Take Care and Have Fun --John _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
