RealPlayer is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted multi-rate audio stream, a context-dependent attacker can potentially execute arbitrary code.

Upgrade RealPlayer to version 14.0.0 or SP 1.0 or higher for Windows, 12.0.0.1444 or higher for Mac, or 11.0.2.2315 or higher for Linux, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• CVE ID: 2010-4375 (see also: NVD)
• Secunia Advisory ID: 38550 42532 42565
• RedHat RHSA: http://rhn.redhat.com/errata/RHSA-2010-0981.html
• Vendor Specific News/Changelog Entry: http://service.real.com/realplayer/security/12102010_player/en/
• Other Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-10-266

• Anonymous - Zero Day Initiative (ZDI)