RealNetworks has issued a series of updates to fix four vulnerabilities in the Windows, Mac and Linux versions of RealPlayer 10 and 11. Click here to see which versions are affected on which platforms.
The vulnerabilities include:
- RealPlayer ActiveX controls property heap memory corruption.—A variety of versions are vulnerable to heap overflows from mismanaging memory for the software.
- Local resource reference vulnerability in RealPlayer.—No meaningful description was provided for this flaw.
- RealPlayer SWF file heap-based buffer overflow.—We reported on this the other day. Processing a malicious Flash SWF file can cause a heap-based overflow.
- RealPlayer ActiveX import method buffer overflow.—Deleting a vulnerable file from the user's media library triggers a stack overflow and can cause arbitrary code execution.