iDefense Security Advisory 12.10.10 - Remote exploitation of a memory corruption vulnerability in RealNetworks, Inc.'s RealPlayer media player could allow attackers to execute arbitrary code in the context of the targeted user. The vulnerability specifically exists in the way RealPlayer handles specially crafted RealMedia video files. When processing specially crafted RealMedia files, RealPlayer uses a value from the file to control a loop operation. Realplayer fails to validate the value before using it, which leads to heap memory corruption and an exploitable condition. Windows RealPlayer SP 1.1.4 and prior and Linux RealPlayer 11.0.2.1744 and prior are vulnerable.
20860fab9f0b4fd748f1480da66279c60bc47283a6fe3a8512256b3a4f42c383