Intrusion Prevention

RealNetworks.RealPlayer.RM.File.Processing.Heap.Corruption

Description

This indicates an attempt to exploit a heap-corruption vulnerability in RealNetworks RealPlayer.
The vulnerability is due to boundary errors when processing RM files. A remote attacker can exploit the vulnerability by enticing a user to open a crafted RM file.

Affected Products

Real Networks RealPlayer Enterprise
Real Networks RealPlayer 8
Real Networks RealPlayer 10 for Mac OS 10.0 481
Real Networks RealPlayer 10 for Mac OS 10.0 412
Real Networks RealPlayer 10 for Mac OS 10.0 396
Real Networks RealPlayer 10 for Mac OS 10.0 352
Real Networks RealPlayer 10 for Mac OS 10.0 .0.331
Real Networks RealPlayer 10 for Mac OS 10.0.0.325
Real Networks RealPlayer 10 for Mac OS 10.0.0.305
Real Networks RealPlayer 10 for Linux 10.0.8
Real Networks RealPlayer 10 for Linux 10.0.7
Real Networks RealPlayer 10 for Linux 10.0.6
Real Networks RealPlayer 10 for Linux 10.0.5
Real Networks RealPlayer 10.5
Real Networks RealPlayer 10.0
Real Networks RealOne Player for Mac 0
Real Networks RealOne Player 2.0
Real Networks RealOne Player 1.0
Real Networks Helix Player for Linux 10.0.7
Real Networks Helix Player for Linux 10.0.6
Real Networks Helix Player for Linux 10.0.5
Real Networks Helix Player for Linux 10.0 8

Impact

System Compromise: Remote code execution.

Recommended Actions

Refer to the RealNetworks Customer Support - Real Security Updates web page for upgrade information:
http://www.service.real.com/realplayer/security/10252007_player/en/.

CVE References

CVE-2007-5081