2) An unspecified error can be exploited to reference local resources.
3) A design error within the handling of frames in Shockwave Flash (SWF) files can be exploited to cause a heap-based buffer overflow.
4) A boundary error in rjbdll.dll can be exploited to cause a stack-based buffer overflow by importing a media library file using an ActiveX control and deleting the imported file.
Successful exploitation of the vulnerabilities allow execution of arbitrary code.
The following products are affected by one or all vulnerabilities (see vendor's advisory for details):
* RealPlayer 11 (11.0.0 - 11.0.2 builds 22.214.171.1248 - 126.96.36.1992)
* RealPlayer 10.5 (188.8.131.520-184.108.40.2063, 220.127.116.118, 18.104.22.1681)
* RealPlayer 10
* RealPlayer Enterprise
* Mac RealPlayer 10.1 (10.0.0.396 - 10.0.0.503)
* Mac RealPlayer 10 (10.0.0.305 - 352)
* Linux RealPlayer 10
Solution: Update to the latest versions. Please see the vendor's advisory for details.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org