Buffer overflow in swfformat.dll in multiple RealNetworks products and versions, including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player, allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.
This issue can result in memory corruption and facilitate arbitrary code execution. A successful attack can allow remote attackers to execute arbitrary code in the context of the application to gain unauthorized access.
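The following is an added example, not code from this advisory or from RealNetworks: a loader that refuses a file whose declared size disagrees with the data actually present. It assumes the size value is the FileLength field of the standard SWF header, which the advisory does not specify; the function and enum names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

enum swf_status { SWF_OK = 0, SWF_TRUNCATED, SWF_BAD_SIGNATURE,
                  SWF_SIZE_MISMATCH, SWF_NO_MEMORY };

/* Little-endian 32-bit FileLength at offset 4 (assumed to be the size field). */
static uint32_t swf_declared_len(const uint8_t *p)
{
    return (uint32_t)p[4] | ((uint32_t)p[5] << 8) |
           ((uint32_t)p[6] << 16) | ((uint32_t)p[7] << 24);
}

/*
 * Copy an uncompressed ("FWS") file into a freshly allocated buffer.
 * The unsafe pattern is to allocate by the declared size and copy by the
 * actual size: when declared < actual, the copy runs past the allocation.
 * Here both sizes must agree before anything is allocated or copied.
 */
enum swf_status swf_copy_checked(const uint8_t *in, size_t actual,
                                 uint8_t **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (actual < 8)                 /* signature(3) + version(1) + length(4) */
        return SWF_TRUNCATED;
    if (memcmp(in, "FWS", 3) != 0)  /* compressed "CWS" is out of scope here */
        return SWF_BAD_SIGNATURE;

    uint32_t declared = swf_declared_len(in);
    if ((size_t)declared != actual) /* rejects declared < actual and > actual */
        return SWF_SIZE_MISMATCH;

    uint8_t *buf = malloc(declared);
    if (buf == NULL)
        return SWF_NO_MEMORY;
    memcpy(buf, in, declared);      /* bounded by the size that was allocated */
    *out = buf;
    *out_len = declared;
    return SWF_OK;
}

int main(void)
{
    /* Constructed sample: 12 bytes present, header claims only 9. */
    const uint8_t lying[12] = {'F','W','S',8, 9,0,0,0, 1,2,3,4};
    uint8_t *copy; size_t n;
    return swf_copy_checked(lying, sizeof lying, &copy, &n) == SWF_SIZE_MISMATCH ? 0 : 1;
}
```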
Refer to the RealNetworks Customer Support - Real Security Updates Web page for upgrade information. See References.
For Red Hat Linux:
Refer to Red Hat Linux Security Advisory RHSA-2006:0257-9 for patch, upgrade, or suggested workaround information. See References.
For Gentoo Linux:
Refer to Gentoo Linux Security Announcement GLSA 2006-03-24 for patch, upgrade, or suggested workaround information. See References.
For SUSE Linux:
Refer to SUSE Security Announcement SUSE-SA:2006:018 for patch, upgrade, or suggested workaround information. See References.
For other distributions:
Contact your vendor for upgrade or patch information.