Zero Day Initiative Advisory 12-183 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within the rv40.dll component for RealNetworks RealPlayer. When parsing a stream containing RV40 sample data, a value is miscalculated before being used as an offset from a base pointer address. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.
2aa9302ee49225690c8e6c4edcf9e73a9d534ec59c2657f186cd322e97a6ff21