eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in RealPlayer. The vulnerability allows a remote attacker to reliably overwrite stack memory with arbitrary data and execute arbitrary code in the context of the user who executed the player. This specific flaw exists in the first data packet contained in a Real Media file. By specially crafting a malformed .rm movie file, a direct stack overwrite is triggered, and reliable code execution is then possible. Systems Affected include Windows: RealPlayer 10.5 (6.0.12.1040-1235), RealPlayer 10, RealOne Player v2, RealOne Player v1, RealPlayer 8, RealPlayer Enterprise, Mac: RealPlayer 10, Linux: RealPlayer 10 (10.0.0 - 5), Helix Player (10.0.0 - 5).
388915a016f8b5eefe252bbe9e9418bed2477734934e7969d49035046f7b6823