Zero Day Initiative Advisory 10-09 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within RealPlayer's parsing of IVR files. The process trusts size values present in the file and uses them unsafely in various file I/O and memory allocation operations. A specially crafted file can cause memory overflows to occur leading to arbitrary code execution under the context of the user running the player.
70bc856e99610dee516d0430ba457bb8abd7fd0097a1e5c4fe050301fae6ae2a
RealNetworks RealPlayer version 11 suffers from multiple code execution vulnerabilities when processing IVR files.
72e4e1e0d9144e2f6ac6fd0c86635d4392f59bb349d2bd69c4b436d1e28da956