> ----------------------------------------------------------------------
>
> TITLE:
> RealPlayer/RealOne/HelixPlayer Multiple Buffer Overflows
>
> SECUNIA ADVISORY ID:
> SA27361
>
> VERIFY ADVISORY:
>
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> RealPlayer 10.x
>
> RealPlayer Enterprise 1.x
>
> RealOne Player 1.x
>
> RealOne Player 2.x
>
> Helix Player 1.x
>
>
> DESCRIPTION:
> Multiple vulnerabilities have been reported in
> RealPlayer/RealOne/HelixPlayer, which can be exploited by malicious
> people to compromise a user's system.
>
> The vulnerabilities are caused due to boundary errors when processing
> various media and playlist files (e.g. mp3, rm, SMIL, swf, ram, pls)
> and can be exploited to cause heap-based and stack-based buffer
> overflows via specially-crafted files.
>
> The following products are affected by one or all vulnerabilities
> (see vendor's advisory for details):
> * RealPlayer 10.5 (6.0.12.1040-6.0.12.1578, 6.0.12.1698,
> 6.0.12.1741)
> * RealPlayer 10
> * RealOne Player v2
> * RealOne Player v1
> * RealPlayer 8
> * RealPlayer Enterprise
> * Mac RealPlayer 10.1 (10.0.0. 481)
> * Mac RealPlayer 10.1 (10.0.0.396 - 10.0.0.412)
> * Mac RealPlayer 10 (10.0.0.352)
> * Mac RealPlayer 10 (10.0.0.305 - 331)
> * Mac RealOne Player
> * Linux RealPlayer 10 (10.0.5 - 10.0.8)
> * Helix Player (10.0.5 - 10.0.8)
>
> SOLUTION:
> Update to the latest versions. Please see the vendor's advisory for
> details.
>
>
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits:
> * John Heasman, NGS Software
> * Piotr Bania
> * Anonymous researchers, reported via ZDI
>
> ORIGINAL ADVISORY:
> RealNetworks:
>
>
>
