Some vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a vulnerable system.

1) An error when processing certain specially crafted ASMRuleBook structures can be exploited to cause a heap corruption.

2) An error exists when parsing GIF images with specially crafted chunk sizes, which can be exploited to cause a heap-based buffer overflow.

3) An integer overflow error exists within the processing of received HTTP chunks, which can be exploited to cause a heap-based buffer overflow.

4) An error within the RealPlayer SIPR codec when parsing certain codec fields with a small length value can be exploited to cause a heap-based buffer overflow.

5) The "CGIFCodec::InitDecompress()" function does not properly validate a certain field when processing compressed GIF images, which can be exploited to cause a heap-corruption by e.g. tricking a user into opening a malicious RTSP stream.

6) A boundary error related to "getAtom" in smlrender.dll can be exploited to exploited to cause a heap-based buffer overflow.

7) A boundary error when processing certain fields from the web.xmb file when parsing RealPlayer .RJS skin files can be exploited to cause a stack-based buffer overflow.

Note: Successful exploitation requires that the user confirms switching to the new skin.

8) An unspecified error related to the RealPlayer ASM RuleBook can be exploited to cause an "array overflow".

9) An integer overflow error within the "CMediumBlockAllocator::Alloc()" function can be exploited to cause a heap corruption.

10) Two vulnerabilities are caused due to errors within the processing of Internet Video Recording (IVR) files.

For more information:
SA33810

11) An array-indexing error in the parsing of RealMedia IVR content can be exploited to reference memory outside a list of objects.

The following products are affected by one or all vulnerabilities (see vendor's advisory for details):
* RealPlayer SP 1.0.0 and 1.0.1
* RealPlayer 11 11.0.5 and higher
* RealPlayer 11 11.0.0, 11.0.1 - 11.0.4
* RealPlayer 10.5 6.0.12.1675, 6.0.12.1040-6.0.12.1663, 6.0.12.1698, 6.0.12.1741
* RealPlayer 10
* RealPlayer Enterprise 1.14 (version 6.0.11.2651) and 2.1.1 (version 6.0.12.1798)
* Mac RealPlayer 10, 10.1, 11.0, 11.0.1
* Helix Player 10.*, 11.0.0, 11.0.1
* Linux RealPlayer 10, 11.0.0, 11.0.1

Solution
Update to RealPlayer SP 1.0.2 or later, Mac RealPlayer 11.1, Linux RealPlayer 11.0.2, Helix Player 11.0.2, or the latest version of RealPlayer Enterprise.

Provided and/or discovered by
1, 2, 4, 6, 11) An anonymous person via ZDI.
3, 5, 9) An anonymous person via iDefense VCP.
7) Peter Vreugdenhil via ZDI.
8) The vendor credits Evgeny Legerov.

Changelog
Further details available in Customer Area

Original Advisory
RealNetworks:
http://service.real.com/realplayer/security/01192010_player/en/
http://www.realnetworks.com/uploadedFiles/support/product_information/SecurityUpdate011910RPE.pdf

ZDI:
1) http://www.zerodayinitiative.com/advisories/ZDI-10-005/
2) http://www.zerodayinitiative.com/advisories/ZDI-10-006/
4) http://www.zerodayinitiative.com/advisories/ZDI-10-008/
6) http://www.zerodayinitiative.com/advisories/ZDI-10-007/
7) http://www.zerodayinitiative.com/advisories/ZDI-10-010/
11) http://www.zerodayinitiative.com/advisories/ZDI-10-209/

iDefense:
3) http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=837
5) http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=839
9) http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=838

Other references
Further details available in Customer Area

Deep Links
Links available in Customer Area