##############################################################################
#
# RealPlayer MID File Handling Remote Denial of Service Vulnerability
#
# Copyright: OS2A and it's member companies
#
# Date Written: 2007/01/18
#
# $Revision: 1.1 $
#
# $Log: os2a_realplayer_mid_dos_vuln_602008.nasl,v $
# Revision 1.1 2007/01/19 18:27:00 schandan
# To Production. Issue #3551
#
# Revision 1.1 2007/01/19 04:05:07 jprajna
# ------------------------------------------------------------------------
# This program was written by OS2A and/or it's member companies and is
# licensed under the GNU GPL license. Please see below for details. This
# header contains information regarding licensing terms under the GPL, and
# information regarding obtaining source code from the Author. Consequently,
# pursuant to section 3(c) of the GPL, you must accompany the information
# found in this header with any distribution you make of this Program.
# ------------------------------------------------------------------------
##############################################################################

# Registration phase: when `description` is set the script only declares its
# metadata and exits; the version check below is not reached.
if(description)
{
  script_id(602008);
  script_bugtraq_id(22050);
  script_copyright(english:"Copyright (C) 2007 OS2A");
  script_version("$Revision: 1.1 $");

  # The check only reads a knowledge-base entry, hence the information
  # gathering category.
  script_category(ACT_GATHER_INFO);

  # NOTE(review): name and family say "Denial of Service", while the Impact
  # text below also mentions arbitrary code execution - confirm which of the
  # two the reported severity is meant to reflect.
  script_family(english:"Denial of Service");
  script_name(english:"RealPlayer MID File Handling Remote Denial of Service Vulnerability");
  script_summary(english:"Check for the vulnerable version of RealPlayer");

  # Report text, kept verbatim (including its whitespace).
  desc["english"] = " Overview : This host has Real Player installed, which is prone to denial of service vulnerability. The vulnerability is caused due to the application which fails to handle specially crafted mid files. Impact : Successful exploitation allows remote attackers to crash the application, denying further service to legitimate users and also execute the arbitrary code. Scope of impact is limited to application/system level. Affected Software : RealNetworks RealPlayer version 10.5 and prior. 
Affected Platform : Windows (Any). Solution: No vendor supplied patch or update is available as on 19 Jan 2007. Information regarding this issue will be updated once the solution details are available. For updates check, http://www.real.com/international/download References : http://www.securityfocus.com/data/vulnerabilities/exploits/22050.py CVSS Score : CVSS Base Score : 6.8 (AV:R/AC:H/Au:NR/C:P/I:P/A:C/B:A) CVSS Temporal Score : 6.1 Risk factor : Medium";

  script_description(english:desc["english"]);

  # The version string is read from the knowledge base; presumably it is
  # written there by the dependency listed here - verify against that script.
  script_dependencies("os2a_real_version_600016.nasl");
  script_require_keys("RealPlayer/Version");
  exit(0);
}

# Check phase.
#
# Detection is a pure version-string comparison: no file is opened or sent.
# A match therefore means "installed version is in the affected range", not
# that the crash was reproduced on this host.
#
# NOTE(review): the pattern expects a dotted build string such as 6.0.12.x;
# a marketing version like "10.5" would not match any branch. Confirm the
# format the dependency stores under "RealPlayer/Version".
# NOTE(review): the description states that no vendor fix existed on
# 19 Jan 2007, so the upper bound 6.0.12.1741 is presumably the newest build
# known at that time - revisit it once a fixed build is published.
vuln_pattern =
    "^([0-5]\..*|" +                                 # major version 0 - 5
    "6\.0\.(([0-9]|1[01])\..*|" +                    # 6.0.0.x - 6.0.11.x
    "12\.([0-9]?[0-9]?[0-9]|" +                      # 6.0.12.0 - 6.0.12.999
    "1([0-6][0-9][0-9]|7([0-3][0-9]|4[01])))))$";    # 6.0.12.1000 - 6.0.12.1741

rp_version = get_kb_item("RealPlayer/Version");

if(ereg(pattern:vuln_pattern, string:rp_version))
{
  security_warning(0);
}