QUOTE
Description:
Piotr Bania has reported a vulnerability in Realplayer and RealOne, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error when processing RAM files and can be exploited to cause a buffer overflow via a specially crafted RAM file.
Successful exploitation allows execution of arbitrary code.
The vulnerability affects the following products:
* RealPlayer 10.5 (6.0.12.1040-1059)
* RealPlayer 10
* RealOne Player v2
* RealOne Player v1
* RealPlayer 8
* RealPlayer Enterprise
* Mac RealPlayer 10 (10.0.0.305 - 331)
* Mac RealOne Player
* Linux RealPlayer 10 (10.0.0 - 3)
* Helix Player (10.0.0 - 3)
Solution:
Apply patches.
RealOne / RealPlayer for Windows and Mac:
Patches are available via the "Check for Update" feature.
RealPlayer Enterprise:
http://docs.real.com/docs/pnen3260.dll
RealPlayer 10 for Linux:
http://www.real.com/linux
Helix Player for Linux:
http://player.helixcommunity.org/downloads/
Piotr Bania has reported a vulnerability in Realplayer and RealOne, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error when processing RAM files and can be exploited to cause a buffer overflow via a specially crafted RAM file.
Successful exploitation allows execution of arbitrary code.
The vulnerability affects the following products:
* RealPlayer 10.5 (6.0.12.1040-1059)
* RealPlayer 10
* RealOne Player v2
* RealOne Player v1
* RealPlayer 8
* RealPlayer Enterprise
* Mac RealPlayer 10 (10.0.0.305 - 331)
* Mac RealOne Player
* Linux RealPlayer 10 (10.0.0 - 3)
* Helix Player (10.0.0 - 3)
Solution:
Apply patches.
RealOne / RealPlayer for Windows and Mac:
Patches are available via the "Check for Update" feature.
RealPlayer Enterprise:
http://docs.real.com/docs/pnen3260.dll
RealPlayer 10 for Linux:
http://www.real.com/linux
Helix Player for Linux:
http://player.helixcommunity.org/downloads/